Windows Server Forum / Windows NT / General Topics / July 2008

Host file ignored

Roland Hall - 09 Jul 2008 19:17 GMT
I have removed numerous infections from a system.

4 Trojans
Win32/Tibs.HH

Win32/Vundo.gen!C

Win32/Vundo.gen!E

Win32/Zlob.2WY

Adware

Win32/Antivirus2008 - aka Trojan.FakeAlert.RL

Apparently I'm still missing one or more things.

These are the current issues:

1. Host file is ignored.  I've checked the registry and group policy;
nothing is set in the normal places that would tell MSFT to look
somewhere else or disable it.

2. IE7 allows me to google but all links are bogus and point somewhere else
and redirect.

3. I can type in addresses that work, like superantispyware but I cannot
download it.  I've downloaded it on another system and have even installed
it but sometimes the 'check for updates' will fail and partly into the scan,
it reboots the system.

4. Finally got Defender to install but updates check returns: 0x80060422.

5. DEP was blocking IE7 and notepad.  Modified DEP to 'all' and then added
those to be able to use them.  Had to return it back to Windows only to get
Defender to install.

6. Windows Live OneCare Online Security Scan found the trojans, some were in
recent restore points.  Those have been removed.

7. Running an EMSI A-Squared (ActiveX control) scan now but nothing found so
far.

8. I uninstalled IE7 (using IE6 now).  IE still hooked and even though I
hard coded the IP for www.superantispyware.com in the hosts file, it returns
a failure: "Ping request could not find host www.superantispyware.com. Please
check the name and try again."

9. I ran sfc /scannow - no change to anything.

The hosts file has me baffled and leads me to believe something is still
present and capturing the call.  I cannot get my sniffer to work on that
system.  Filemon would take me quite awhile to get information from it.
Process Explorer didn't show anything revealing.

I feel it's tied to a profile because if we kill the admin profile and
recreate it, it works.  Any idea what I'm missing or possible tasks to try?
Roland Hall - 09 Jul 2008 19:47 GMT
IMSI found Riskware.RiskTool.Win32.Processor.20

Who comes up with these names? *rme*

File: c:\windows\system32\process.exe
Defender found nothing.

I ran autoruns and searched for process.exe but nothing was found.

Prevx.com says it's bad:

http://www.prevx.com/filenames/X2766939096032263765-0/PROCESS.EXE.html

...but it appears the process.exe I have is this one:

http://www.beyondlogic.org/solutions/processutil/processutil.htm

It may have been put there by one of the trojans.

--
Roland Hall

JD - 14 Jul 2008 21:27 GMT
An infected wsock32.dll or ws2_32.dll could be the cause.

Or a trojan Layered Service Provider (LSP).  See if you have the LSP
Explorer add-on installed in Adaware.

>I have removed numerous infectons from a system.
>
[quoted text clipped - 61 lines]
> recreate it, it works.  Any idea what I'm missing or possible tasks to
> try?
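A check for the symptom in item 8 of the original post (a name hard-coded in the hosts file that the system still cannot resolve), as an added example that is not part of this thread: it parses the hosts file, asks the resolver for every name in it and reports disagreements, and it reads the DataBasePath registry value so you can confirm Windows is even looking at the file you edited. A mismatch means lookups never reach the file, which is exactly where JD's hooked ws2_32.dll or rogue LSP would sit. SAMPLE_HOSTS is constructed and the 192.0.2.x addresses are placeholders, not the real address of any site.

```python
import os
import socket
import sys

# Constructed sample hosts file, the kind of entry item 8 of the post describes.
# The 192.0.2.x addresses are documentation placeholders, not real ones.
SAMPLE_HOSTS = """# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
192.0.2.10      www.superantispyware.com   # hard-coded as in the post
192.0.2.11      update.example.invalid
"""

def parse_hosts(text):
    """Return {hostname: ip} from hosts-file text (first entry for a name wins)."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()          # drop comments and blanks
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            mapping.setdefault(name.lower(), ip)
    return mapping

def hosts_ignored(mapping, resolve=socket.gethostbyname):
    """Names whose resolver answer disagrees with the hosts file.
    A lookup failure (what 'could not find host' means) counts as a mismatch.
    Any mismatch means lookups never reach the file: inspect the Winsock stack
    (ws2_32.dll, the LSP chain) and the DataBasePath registry value."""
    mismatches = {}
    for name, expected in mapping.items():
        try:
            got = resolve(name)
        except OSError:                              # socket.gaierror is an OSError
            got = None
        if got != expected:
            mismatches[name] = (expected, got)
    return mismatches

def windows_hosts_path():
    """Path Windows actually reads hosts from; None off Windows. A redirected
    DataBasePath is one way the file you edit can be silently ignored."""
    if sys.platform != 'win32':
        return None
    import winreg
    key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                         r'SYSTEM\CurrentControlSet\Services\Tcpip\Parameters')
    path, _ = winreg.QueryValueEx(key, 'DataBasePath')   # REG_EXPAND_SZ
    return os.path.join(os.path.expandvars(path), 'hosts')
```

On the affected machine, feed the contents of `windows_hosts_path()` to `parse_hosts` and call `hosts_ignored` with the default resolver; a non-empty result confirms interception rather than a typo in the file.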
©2008 Advenet LLC