Yes, I have seen Hosts files that have been modified and sometimes hidden by malware. What strikes me as odd is that Bob rebuilt the file.........surely Windows would complain if you try to create a file of the same name in the same directory.............or at least warn you if you were going to replace an existing file?

Also, in the cases I have seen, the users were pretty well aware of the redirects and complained about them? I suppose it could be some sort of bungled or incompatible malware though.

On XP machines I tend to use Tall Emu's Online Armor.............it requires you to give permission to modifications of the Hosts file as well as running new processes and other changes. It is basically a combined firewall and behavioral monitor and is free for private use.

Ordinary applications installation and updates are fine as it will remember authorised programs and even has an application installation mode. You need to turn it off before applying Windows updates though, or it gets very annoying