NCJUA

Terminal Servers with Roaming Profiles. Remove spyware and it comes back!

I am running 3 Windows 2003 servers using terminal servers. We also use roaming profiles. We do use the UPH Cleanup on the profiles. We have had servers infected with many spyware problems; we clean them. Users log back on and it infects it again. Anyone have a clue as to why it would keep re-creating this spyware?
David-Howard

Have you run your scans on the servers/clients in Safe Mode? If the issue keeps returning, it sounds as if something is hiding from normal mode scans.
I'm uncertain as to what suites you are using for scanning. You might try Malwarebytes (it's free and reliable).
www.malwarebytes.org

ASKER

We purchased the viper software, but it was a dead end on the roaming profiles (so it seemed). I am using Spybot now. I will try and boot in safe mode and run it. Thanks a bunch and will let you know how it turns out!
Also run Hitmanpro to see if it detects anything
http://www.surfright.nl/en/hitmanpro

Any name on the Malware?
Can you post scanner logfiles?

ASKER

Going to run it at lunch in safe mode and will post results. I just love y'all!
Run Hitmanpro in normal mode :)

ASKER

I ran Hitmanpro yesterday. It found nothing. The next morning when users logged back on, the SpySheriff appeared again.
I also deleted all roaming profiles.
ASKER CERTIFIED SOLUTION
optoma

This solution is only available to members.

ASKER

Here's the unknown. That program is top notch compared to Task Manager! Thanks!
untitled1.bmp
Yeah, way better!

Print screen got cut off. Can you post the entire output of Process Explorer :)

ASKER

There were only a few showing unable to verify, from IBM that I think are OK, and a miniwinagent.exe. (I am scanning with Malwarebytes now.)

It looks OK now, but I did clean everything up this morning. I just wonder what will be there on Monday. At least with the tool you showed me, I can pinpoint much better! Thanks!
For miniwinagent.exe:
Double-click it in Process Explorer to find its path and upload it to VirusTotal.
Post results if found as bad.
http://www.virustotal.com/ :)