Did you run your removal tools while booted to safemode without networking? All spyware cleaning should be done in safe mode.

Download HijackThis, which can scan for spyware and show running processes. While you're getting Rootkit Revealer, pick up Autoruns and Process Explorer. The latter will show which DLLs are associated with processes. Check the properties of these DLLs; recent creation date and missing meta-information are suspicious. Google searching the DLL names may also help.

Try using reged32.exe <regedt32? i forget> to browse your registry for malicious entries. I think that's the only program which can see the otherwise hidden overlong key names. Searching Google for the overlong key name invisibility bug may turn up more.

Maybe this is a Browser Helper Object (BHO) attached to your Active Desktop... which is just plain nasty. There is a good BHO remover, but I don't remember the name. You can find them in the reg key HKLM\Software\Microsoft\Windos\CurrentVersion\explorer\Browser Helper Objects. Their SIDs (long numeric names) are listed as subkeys. Copy the SID, go to the top of the registry, and run a search for the SID. Each should have an entry in HKLM\Software\CLASSES\CLID. Search your hard drive for the DLLs referenced in the subkey, and if they are suspiciousm delete the DLLs, CLSID key, and Browser Helper Object key.

Or, this could be very nasty, just above rootkit nasty, and be attaching itself to Winlogin or another early-loading service. Worst case, boot to safe mode with command prompt, run HijackThis (which loads in GUI), and use that to launch your other removal tools. As long as you don't run Explorer.exe, the hacked fundamental services won't load and you'll have full access to your own system.

And there are many spyware forums out there, so maybe someone has posted removal instructions. Good luck.