problems with Trojan.Zlob-x.a

Discussion in 'Malware Help (A Specialist Will Reply)' started by michele7985, Nov 29, 2007.

  1. michele7985

    michele7985 Private E-2

    First let me say, I know nothing about computers - except email - so PLEASE keep everything simple ..................
    I have a compaq presario F500 laptop running vista
    A couple of days ago, I clicked install active x or something very similar to that.
    Now I am getting a message every 2 minutes that says
    "your system is probably infected with latest version of Trojan.Zlob-x.a" and it wants you to click and goes to a defender website, which I know is malware.
    I have tried to follow the Read and Run Me first. I am going to try to attach the logs here.
    I encountered 1 problem while trying to follow these steps. I could not run ComboFix.exe. The first time I tried, it said memory full. I tried again as administrator and got the same message.
    I continued with the rest of the steps. I am still getting the same message.
     


  2. michele7985

    michele7985 Private E-2

    hijackthis log
     


  3. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Welcome to MG's!

    Something didn't go right with the MGTools, try it once more.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.
     
  4. michele7985

    michele7985 Private E-2

    ok re-ran the MG Tools & AVG. Attached are the logs.
    Thanks for getting back to me so quickly; it was much appreciated. I know you guys are busy.
     


  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, please disable any antivirus and/or antispy programs you have installed so they will not block this fix.

    Pre-Instructions:
    Download Pocket KillBox
    • Save it to your desktop or a place easy to find.
    • Do not run it yet
    Step 1:
    Please look in Add/Remove Programs for the following and uninstall if found. If you get any errors just make a note and proceed.

    Step 2:
    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    Again, make sure ALL browser windows are closed when you click FIX.

    Step 3:
    Next, we need to remove some files using Killbox.

    Locate PocketKillbox
    (Proceed with this step even if they do not show in blue)

    Now, Copy and Paste C:\Windows\System32\f9t.dat into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click NO.

    Now, Copy and Paste C:\Windows\System32\sysdivx.dll into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click NO.

    Now, Copy and Paste C:\Windows\System32\8B070543D4.sys into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES and allow your PC to reboot.

    • If you get an error message about Pending Operations, just reboot your computer manually.


    Step 4: Begin here after rebooting from Step 3!
    Next Reset Web Settings & Default Security Settings

    Note for IE 7 users:
    Select Internet Options, then the Advanced Tab and then the Reset button under Reset Internet Explorer Settings.

    Step 5:
    Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.

    Step 6:
    Finally, I would like you to install the current version of Sun Java: Sun Java Runtime Environment

    Step 7:
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
     
  6. michele7985

    michele7985 Private E-2

    You guys ROCK!!!!!!!!!!!!!!!!
    I followed all the steps ~~ no problems, no error messages!!
    Everything seems to be running good ~~ no popup messages like before as of yet...
    attached are the logs.
    Thank You!!! Thank You!!! Thank You!!!
     


  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, have HJT fix the entry below...
    Locate PocketKillbox
    (Proceed with this step even if they do not show in blue)

    Now, Copy and Paste C:\Windows\SMINST\launcher.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click NO.

    Now, Copy and Paste C:\Windows\System32\8b0705~1.sys into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES and allow your PC to reboot.

    • If you get an error message about Pending Operations, just reboot your computer manually.
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.
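
A read-only check for the Killbox steps in posts 5 and 7, added here as an example and not part of either post or of MGtools: after the reboot it reports whether each named file is still on disk and, if so, whether it is still queued for deletion. It assumes PowerShell 3.0 or later and that Killbox's Delete on Reboot option uses the standard Windows PendingFileRenameOperations queue.

```powershell
# Added example, not from the thread. Read-only: it reports and deletes nothing.
# Paths are the ones named in posts 5 and 7 above.
$targets = @(
    'C:\Windows\System32\f9t.dat',
    'C:\Windows\System32\sysdivx.dll',
    'C:\Windows\System32\8B070543D4.sys',
    'C:\Windows\System32\8b0705~1.sys',
    'C:\Windows\SMINST\launcher.exe'
)

# Assumption: "Delete on Reboot" uses the standard Windows delayed-delete
# queue, which the Session Manager reads from this REG_MULTI_SZ value at boot.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$prop = Get-ItemProperty -Path $key -Name PendingFileRenameOperations -ErrorAction SilentlyContinue
$pending = @($prop.PendingFileRenameOperations)

$report = foreach ($path in $targets) {
    # -Force so hidden or system files are not reported as absent
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue

    # Queue entries carry an NT prefix such as \??\, so compare on the suffix
    $queued = @($pending | Where-Object {
        $_ -and $_.EndsWith($path, [System.StringComparison]::OrdinalIgnoreCase)
    }).Count -gt 0

    $status = if (-not $item) {
        'gone'
    } elseif ($queued) {
        'present, queued for deletion at next boot'
    } else {
        'present, NOT queued'
    }

    [pscustomobject]@{
        Path      = $path
        Status    = $status
        Size      = if ($item) { $item.Length } else { $null }
        LastWrite = if ($item) { $item.LastWriteTime } else { $null }
    }
}

$report | Format-Table -AutoSize
```

A file that shows as "present, NOT queued" after the reboot was either never queued or was recreated at startup, which is worth noting alongside the fresh logs.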
     
  8. michele7985

    michele7985 Private E-2

    completed those instructions, attached are logs.
    once we get to where everything is fine, would you recommend what programs I need to run for protection?
    thanks again for all the time you have given my problem
     


  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  10. michele7985

    michele7985 Private E-2

    ok here is the last log.
    I was able to pinpoint where I got this problem. Is it appropriate to warn people?? I guess you guys moderate the replies ~ so you can delete from my reply if need be.
    From myspace.com I clicked on an ad for stalkertrak.com ~~~ this is where the trojan was installed on my computer. Someone later hacked into my myspace account and sent all of my friends a message from me telling them to click on this banner for an ad for stalker.com
    Thanks!!!
     


    Last edited by a moderator: Dec 8, 2007
  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I apologize for the delayed response, I've been really busy the past two weeks, with the holidays and work it's been crazy trying to keep things caught up.

    Let's get some fresh logs, run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.
     
  12. michele7985

    michele7985 Private E-2

    ok here are the latest logs
     

    Attached Files:

  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Try running Post 11 again, something didn't go properly.
     
