I have a WinXPSP3 PC that had Rogue.Antivirus2010 that was removed with Malwarebytes, Combofix and hijackthis
log files below
The system still has browser redirects to http://stop-malware-website.com
The Hosts file looks OK except that the usual sample information is gone and it only has the line 127.0.0.1 localhost
The registry setting for this is:
sePath is set to %SystemRoot%System32\drive
There is only an lmhosts.sam in this folder. There is not an lmhosts file in this folder.
There is not a proxy in the browser connection settings.
Appreciate any assistance.