stopmalwaresite.com virus removed but browser still redirecting (hijacked) - how to fully clean??

This type of problem will only be cleaned and removed in safe-mode.  Please download the latest updates from the anti-spyware vendor and then manually update the files.  Since you internet does not work so you have to download from another PC.  After the update is done, reboot your PC into safe mode without networking and then run the anti-spyware software.

use unhackme also . go to tools --->  internet options -- > advanced tab ----> reset...  also tools ---> internet options --- > connections .. make sure all those are unchecked.  be careful with unhackme though only "get it out" on things that have weird file names likes fhnsiadhfuilf.dll... if you are unsure click the yellow leaf. then run a malwarebytes scan again. remove anything it catches then run a scan using Kaspersky Antivirus ***IMPORTANT*** before using kaspersky remove any other antivirus programs

Run TdssKiller and Hitmanpro.
http://support.kaspersky.com/viruses/solutions?qid=208280684
http://www.surfright.nl/en/hitmanpro

If still having issue run Combofix and post log here
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Here is one possibility. The hosts file may have been edited to redirect to the IP for stopmalwaresite.com which appears to be 83.133.120.191

In Windows XP and Vista it is located at c:\windows\system32\drivers\etc

You can see it by clicking on Start, Run, c:\windows\system32\drivers\etc\hosts and open it with notepad.

If you try to edit the hosts file, and see that IP above, you can put # and space before it in each line it appears. Lines such as 127.0.0.1   local host are legitimate and can be left as is.

If you are unable to edit the hosts file, as it is readonly, there is a probably program running in memory that is preventing you saving changes. Consult back here for further assistance.

We've scanned with Malwarebytes, TdssKiller, HitmanPro and it can't find anything. All of the registry entries/files in question are not even there. The hosts file also has no entries in it besides the loopback. We are trying one last MBAM scan on safe mode...

Try Combofix and post the log here.

Also power off/unplug your router/modem for few mins and power up again

We just tried running combofix and I got a ton of "not a valid 32 bit application" errors then a final message saying the OS is not supported...
It created a weird directory on my C drive that is a random assortment of letters/numbers for the name and it has copies of iexplore.exe and other executables in it.

Rebooted in Safe mode, tried to run ComboFix and it says "need admin priveleges". We ran as Administrator...no clue what next to try.

Reboot machine.

Run in normal mode.
Right click Combofix and select "run as administrator".
Let the scan run.
It will produce logfile at the end to post here
:)

When I do that it says "You need administrator priveleges to run this tool". As mentioned I am right clicking and selecting "run as Administrator". On top of that, I am logged in as the Administrator.

I hate Windows Vista. I'm going to format and upgrade the client to Windows 7. Done with it.

Lol. Yeah vista is a right pain!

There was a report of a patched ws2_32.dll file that caused redirections.

http://remove-malware.com/antimalware/anti-malware-howto/ws2_32-dll-patched-this-malware-is-not-fun-at-all/

tskelly - your solution requires Combofix which does not run. I mentioned this in the comments above...

Strangely I tried another user account, which does not seem to be affected by the redirection. So I'm creating a new profile and moving all the documents over from the corrupted one and calling it a day.

I'm awarding points to the two steps that I took that definitely verified the virus was removed. Seeing that only the profile was corrupt makes me think this is a Vista issue as opposed to the virus still being present. Other profiles work great, so thanks for the reassurance that the virus is removed guys thanks!