Just a few things you may eventually come across:
An NDR stating #500 Firewall Error# is usually caused by Cisco IOS. Chances are you have ip inspect configured for smtp/esmtp. Removing that inspection resolves the error, which can be intermittent and difficult to reproduce on demand.
Fixing fake antivirus spyware infections is very easy in a domain environment using PSLIST/PSKILL from the PSTOOLS package that Microsoft makes available through Sysinternals. Most fake antivirus programs appear to associate themselves with the “exefile” class and redirect .exe to a “scefile” class, where the malware loads its own executable as a wrapper.
If you can still run regedit (some variants block it, others don’t), remove the wrapper from the key and then set permissions on the key to read only for everyone. This will allow you to download and install MalwareBytes and/or ComboFix. If regedit is blocked, you will have to locate the file itself (almost always in the user’s temp files), set permissions on it to deny full control to everyone, and end the task.
If you are looking for antivirus software that works well in preventing this type of spyware infection, either Symantec Endpoint (11.0.5 is latest release) or Microsoft Forefront Client Security seem to work very well.
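A read-only check for the .exe association redirect described above, as an added example that is not part of the original post. It assumes the stock Windows values (.exe maps to exefile, whose open command is `"%1" %*`) and that both the machine and current-user class hives are worth checking; the function names are hypothetical.

```powershell
# Added example: report .exe association redirects without changing anything.
# Assumed stock values: .exe -> exefile, exefile open command -> "%1" %*
$expectedClass   = 'exefile'
$expectedCommand = '"%1" %*'

function Get-DefaultValue {
    param([string]$Path)
    # Return the (Default) value of a registry key, or $null if the key is absent.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    (Get-Item -LiteralPath $Path).GetValue('')
}

function Test-ExeAssociation {
    # Assumption: a redirect may live in the machine hive or the per-user hive.
    param([string[]]$Roots = @('HKLM:\Software\Classes', 'HKCU:\Software\Classes'))
    foreach ($root in $Roots) {
        # Class that .exe currently points to in this hive ($null = no entry here).
        $class = Get-DefaultValue "$root\.exe"

        # Inspect the stock class and whatever class .exe has been pointed at.
        $classes = @($expectedClass, $class) | Where-Object { $_ } | Select-Object -Unique
        foreach ($c in $classes) {
            $command = Get-DefaultValue "$root\$c\shell\open\command"
            [pscustomobject]@{
                Hive        = $root
                ExeClass    = $class
                Class       = $c
                OpenCommand = $command
                # Flag a redirected class or an open command that wraps the real program.
                Suspicious  = ($class -and $class -ne $expectedClass) -or
                              ($command -and $command -ne $expectedCommand)
            }
        }
    }
}

Test-ExeAssociation | Format-Table -AutoSize
```

Any row with Suspicious set to True shows the hive and the open command to review; the executable named in that command is the wrapper file to look for.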