A combination of spybot & superantispyware is a good start


Unfortunately last time i had something very similar (maybe the same), I couldn't fight it and had to do a rebuild :/

tried malwayebytes this is my quick scan log


Malwarebytes' Anti-Malware 1.50.1.1100


Database version: 5974

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19019

06/03/2011 17:39:38
mbam-log-2011-03-06 (17-39-35).txt

Scan type: Quick scan
Objects scanned: 170412
Time elapsed: 5 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunOnce\kMhDbHh06315 (Rogue.SystemTool.M) -> Value: kMhDbHh06315 -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\kmhdbhh06315\kmhdbhh06315.exe (Rogue.SystemTool.M) -> No action taken.

slected fix i got this
--------------------------------------

Malwarebytes' Anti-Malware 1.50.1.1100


Database version: 5974

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19019

06/03/2011 17:40:59
mbam-log-2011-03-06 (17-40-59).txt

Scan type: Quick scan
Objects scanned: 170412
Time elapsed: 5 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunOnce\kMhDbHh06315 (Rogue.SystemTool.M) -> Value: kMhDbHh06315 -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\kmhdbhh06315\kmhdbhh06315.exe (Rogue.SystemTool.M) -> Quarantined and deleted successfully.

Run it again in Safe Mode. If it keeps re-appearing, then it looks like you'll have to do a re-install.

I had a similar virus and I couldn't get rid of it no matter what I tried. It (or someone) even attempted to login to my eBay account as I got an alert from eBay saying that there had been unusual activity. It was a genuine alert as it was there on the My eBay / Inbox page as well. Luckily no damage done as I changed the account password pretty quickly.

Naturally, proceed with caution and try and try not to use the infected computer online until it's sorted.

im running a full system scan in non safe mode, the blue screen did not appear after the quick scan finished and restarted. Its been going for 40 minutes should i keep it running or reboot in safemode and start again ?

This sort of thing comes about either from compromised sites, or compromised banner ads, even if you think you are on a properly "safe" website.

If it does return, a system restore back to a day previous would likely shift it too...

Yes these type of viruses and their variants often infect some of the system restore files. Usually if Malwarebytes no longer returns any positives you should be OK. I think there's a way to delete the system restore files by turning off the feature (not sure on this).

There might however be other things affected, such as browser start pages, hosts file etc. Might be worth running CCleaner to delete the internet cache etc.

Also might be worth running Hijackthis, and pasting the log file into this site to look for any suspicious registry/ startup entries etc

Good shout, I'm a big fan of "hijack this". I've used to it get rid of a few similar viruses from friends and relatives machines over the last few years

I used Hitman Pro 3.5 a few months back and it was superb. It cleaned out all the crap and it found an infected Windows file and requested the Windows disk. Popped it in, it deleted the bad file and reinstalled the proper file automatically.

Highly recommended.