I went back and tried your tutorial with an XP victim PC and it worked. I configured lighttpd on BT3 and everything appeared to be functional. However, once the victim runs the payload, isn't his connection supposed to forward through eth0? Victim is only receiving your upgrade page. Also, the payload isn't removed, it remains in the temporary internet files.

Code:
Received data from: 10.0.0.254:60181 with length: 32 asking for: www.google.com
POISONED...
Received data from: 10.0.0.254:62623 with length: 29 asking for: www.cnn.com
POISONED...
Received data from: 10.0.0.254:56017 with length: 39 asking for: download718.avast.com
POISONED...
I'll writeup a walkthrough for BT3 once these remaining issues are addressed. Any idea on the Vista?

William