Help & unknown MGTools errors

Thank you in advance.

ZoneAlarm Security Suite 8's On-Access scanner caught three files while I was browsing.
(All were in C:\Documents and Settings\CarpElgin\Local Settings\Temp\)

• Trojan.Win32.Agent.bcbh - in prun.tmp (Repair Failed/ Quarentine OK)
• Trojan.Win32.Monderb.aceg - rasesnet.tmp (Repair Failed/ Quarentine OK)
• Trojan.Win32.Patched.dw - seneka96f.tmp (Repair & Quarentine Failed - When asked... I chose delete.)

About the same time, a pop-up appeared 3 or 4 times (I forgot to write down exactly what it was -- either an "update your definitions for a program you don't have" or "install our fake virus scan.") I dismissed with the close window X in the corner. I also noticed the Java icon in my notification tray.

I couldn't access the ZoneAlarm links for more info on the viruses, I couldn't access the site (using ie7 firefox or safari). I couldn't really visit any security sites. Laptop started to shutting down ("DCOM Server Process launcher terminated.... etc.") which I couldn't stop via the task manager.

(Later... I learned entering "shutdown -a" from the command prompt stopped it after having to restart several scans.)

SO...

1. Downloaded updates for Spybot (from a mac), Immunized, and Scanned, which found AntiSpywareMaster entries & Windows Security Center Disabled (probably because of ZoneAlarm.)
2. Installed HijackThis to see if I could see anything easy to fix. I located the files I could tell were involved, but just wrote them down.
   
3. Read & Run Me First & XP Cleanup, downloading the programs (and updates) on another computer. Pretty much OK, I froze up ComboFix and needed to restart, but the second time it ran fine.
   
4. The first time I ran MGTools, I got an error message from HijackThis. (JPG)
   
   Code:

   Please help us improve HijackThis by reporting this error
   
   Click 'Yes' to submit
   
   Error Details:
   An unexpected error has occurred at procedure: 
   modRegistry_IniGetString(sFile=system.ini, sSection=boot, sValue=Shell)
   Error #5 – Invalid procedure call or argument
   
   Windows version: Windows NT 5.0.1.2600
   MSIE version: 7.0.5730.11
   HijackThis version: 2.0.2

5. Restarted PC & ran MGTools.exe again. This time I got errors (I can't seem to find any other mention of them.) I ran it once or twice more, I still get the same results.
   • Code:

     Error: Key: SOFTWARE\swearware does not exist!

   • Error Message Window "ProcessDll.exe – Common Language Runtime Debugging Services" (JPG):
     
     Code:

     Application has generated an exception that could not be handled.
     
     Process id=0x4ec(1260),Thread id=0x47c(1148) 

     Followed by this in the command prompt window (JPG – Full Contents of Window)
     Code:

     Unhandled Exception: System.InvalidOperationException: 
     Process performance counter is disabled, so the requested operation cannot be performed.
     …

I couldn't find anything in the forums on these errors (is it because I have .NET Framework 1.1 & 2.0 installed?) I'm not sure everything is fixed... although the obvious problems are gone (no shutting down, can get to majorgeeks.com and download updates.)

Then, ZoneAlarm stopped and quarantined:

• Trojan-Dropper.Win32.Agent.adhp from C:\WINDOWS\system32\k9261108.exe.

So I guess I really do need help. Do I need to re-run anything or get new logs?

 

And the MGTools logs.

 

Yes, it's the full suite. And no more problems.

Thank you. That'll teach me not to run as an administrator!