I am running a thoroughly updated version of XP Home Edition. After my wife
was doing some questionable surfing and downloading (free scrapbooking
content, of all things), and after encountering a highly suspicious website,
I now get the following message:

The application or DLL C:\Windows\System32\zigulavo.dll is not a valid
Windows image. Please check this against your installation diskette.

I get the same message for every application that loads at startup, or every
time I launch a new application. I have to click OK about 25 times every
time I startup. My AVG Antivirus and Webroot Spysweeper tells me I have no
malicious software, but given the timing of all this, I am dubious. I'm
waiting for the delivery of an external hard drive to back up my data, and go
through a clean install, but I would like to avoid that step, if someone
could tell me an easier way to fix this problem.

How to perform advanced clean-boot troubleshooting in Windows XP
http://support.microsoft.com/?kbid=316434
--
Regards

Ron Badour
MS MVP
Windows Desktop Experience


"Daniniowa" <(E-Mail Removed)> wrote in message
news:5040FDA0-184B-4852-B5F1-(E-Mail Removed)...
>I am running a thoroughly updated version of XP Home Edition. After my
>wife
> was doing some questionable surfing and downloading (free scrapbooking
> content, of all things), and after encountering a highly suspicious
> website,
> I now get the following message:
>
> The application or DLL C:\Windows\System32\zigulavo.dll is not a valid
> Windows image. Please check this against your installation diskette.
>
> I get the same message for every application that loads at startup, or
> every
> time I launch a new application. I have to click OK about 25 times every
> time I startup. My AVG Antivirus and Webroot Spysweeper tells me I have
> no
> malicious software, but given the timing of all this, I am dubious. I'm
> waiting for the delivery of an external hard drive to back up my data, and
> go
> through a clean install, but I would like to avoid that step, if someone
> could tell me an easier way to fix this problem.

Get rid of spysweeper, it's junk.
Get adaware and do a search for hijackthis, read the instructions carefully .

"Daniniowa" wrote:

> I am running a thoroughly updated version of XP Home Edition. After my wife
> was doing some questionable surfing and downloading (free scrapbooking
> content, of all things), and after encountering a highly suspicious website,
> I now get the following message:
>
> The application or DLL C:\Windows\System32\zigulavo.dll is not a valid
> Windows image. Please check this against your installation diskette.
>
> I get the same message for every application that loads at startup, or every
> time I launch a new application. I have to click OK about 25 times every
> time I startup. My AVG Antivirus and Webroot Spysweeper tells me I have no
> malicious software, but given the timing of all this, I am dubious. I'm
> waiting for the delivery of an external hard drive to back up my data, and go
> through a clean install, but I would like to avoid that step, if someone
> could tell me an easier way to fix this problem.

Daniniowa wrote:

> I am running a thoroughly updated version of XP Home Edition. After my
> wife was doing some questionable surfing and downloading (free
> scrapbooking content, of all things), and after encountering a highly
> suspicious website, I now get the following message:
>
> The application or DLL C:\Windows\System32\zigulavo.dll is not a valid
> Windows image. Please check this against your installation diskette.
>
> I get the same message for every application that loads at startup, or
> every
> time I launch a new application. I have to click OK about 25 times every
> time I startup. My AVG Antivirus and Webroot Spysweeper tells me I have
> no
> malicious software, but given the timing of all this, I am dubious. I'm
> waiting for the delivery of an external hard drive to back up my data, and
> go through a clean install, but I would like to avoid that step, if
> someone could tell me an easier way to fix this problem.

You're definitely infected, probably with a Vundo trojan.

Go through these general malware removal steps systematically -
http://www.elephantboycomputers.com/...moving_Malware

Include scanning with David Lipman's Multi_AV and follow instructions to do
all scans in Safe Mode. Please see the special Notes regarding using
Multi_AV in Vista.

http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
http://tinyurl.com/yoeru3 - download link and more instructions

These may work for you and all may be well. However, in many cases the
computer is also infected with Zlob and/or Vundo trojans and protected by a
rootkit. These machines are extremely difficult to clean.

If your machine is one of these cases, either get guided help at one of the
specialty forums below OR back up your data and do a clean install of
Windows. It is your choice.

PLEASE DO NOT POST LOGS IN THE MS NEWSGROUPS.

http://aumha.org/downloads/hijackthis.zip
http://aumha.net/ - Click on the HijackThis forum. Read the announcement and
the stickies *first*.
http://www.atribune.org/forums/index.php?showforum=9
http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/...splay.php?f=25
http://www.geekstogo.com/forum/Malwa..._Here-f37.html
http://www.malwarebytes.org/forums/i...hp?showforum=7
http://gladiator-antivirus.com/forum...?showforum=170
http://spywarewarrior.com/viewforum.php?f=5
http://forums.techguy.org/54-security/
http://forums.tomcoyote.org/
http://www.thespykiller.co.uk/index.php?board=3.0
http://forums.subratam.org/index.php?showforum=7

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
FAQ - http://www.elephantboycomputers.com/#FAQ

Thanks Malke for your thorough response. I have a couple more questions
about re-installing windows, if you or someone else will continue to indulge
my ignorance.

1. My computer has a recovery utility on a separate partition, is this safe
to use, or do I need to wipe everything, and re-install from my backup disks?

2. Is re-formatting the hard drive and re-installing the OS enough when my
computer is so thoroughly trashed, or should I use some sort of disk erasing
utility? If so, which one is best?

3. Sorry about posting the log, I'm new to this thanks to my wife
"Malke" wrote:

> Daniniowa wrote:
>
> > I am running a thoroughly updated version of XP Home Edition. After my
> > wife was doing some questionable surfing and downloading (free
> > scrapbooking content, of all things), and after encountering a highly
> > suspicious website, I now get the following message:
> >
> > The application or DLL C:\Windows\System32\zigulavo.dll is not a valid
> > Windows image. Please check this against your installation diskette.
> >
> > I get the same message for every application that loads at startup, or
> > every
> > time I launch a new application. I have to click OK about 25 times every
> > time I startup. My AVG Antivirus and Webroot Spysweeper tells me I have
> > no
> > malicious software, but given the timing of all this, I am dubious. I'm
> > waiting for the delivery of an external hard drive to back up my data, and
> > go through a clean install, but I would like to avoid that step, if
> > someone could tell me an easier way to fix this problem.
>
> You're definitely infected, probably with a Vundo trojan.
>
> Go through these general malware removal steps systematically -
> http://www.elephantboycomputers.com/...moving_Malware
>
> Include scanning with David Lipman's Multi_AV and follow instructions to do
> all scans in Safe Mode. Please see the special Notes regarding using
> Multi_AV in Vista.
>
> http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
> http://tinyurl.com/yoeru3 - download link and more instructions
>
> These may work for you and all may be well. However, in many cases the
> computer is also infected with Zlob and/or Vundo trojans and protected by a
> rootkit. These machines are extremely difficult to clean.
>
> If your machine is one of these cases, either get guided help at one of the
> specialty forums below OR back up your data and do a clean install of
> Windows. It is your choice.
>
> PLEASE DO NOT POST LOGS IN THE MS NEWSGROUPS.
>
> http://aumha.org/downloads/hijackthis.zip
> http://aumha.net/ - Click on the HijackThis forum. Read the announcement and
> the stickies *first*.
> http://www.atribune.org/forums/index.php?showforum=9
> http://aumha.net/viewforum.php?f=30
> http://www.bleepingcomputer.com/forums/forum22.html
> http://www.dslreports.com/forum/cleanup
> http://www.cybertechhelp.com/forums/...splay.php?f=25
> http://www.geekstogo.com/forum/Malwa..._Here-f37.html
> http://www.malwarebytes.org/forums/i...hp?showforum=7
> http://gladiator-antivirus.com/forum...?showforum=170
> http://spywarewarrior.com/viewforum.php?f=5
> http://forums.techguy.org/54-security/
> http://forums.tomcoyote.org/
> http://www.thespykiller.co.uk/index.php?board=3.0
> http://forums.subratam.org/index.php?showforum=7
>
> Malke
> --
> MS-MVP
> Elephant Boy Computers - Don't Panic!
> FAQ - http://www.elephantboycomputers.com/#FAQ
>
>

"Daniniowa" <(E-Mail Removed)> wrote in message
news:AE3164E9-F0C7-4DCC-81B8-(E-Mail Removed)...
> Thanks Malke for your thorough response. I have a couple more questions
> about re-installing windows, if you or someone else will continue to
> indulge
> my ignorance.
>
> 1. My computer has a recovery utility on a separate partition, is this
> safe
> to use, or do I need to wipe everything, and re-install from my backup
> disks?
>
> 2. Is re-formatting the hard drive and re-installing the OS enough when
> my
> computer is so thoroughly trashed, or should I use some sort of disk
> erasing
> utility? If so, which one is best?
>
> 3. Sorry about posting the log, I'm new to this thanks to my wife
> "Malke" wrote:
>
>> Daniniowa wrote:
>>
>> > I am running a thoroughly updated version of XP Home Edition. After my
>> > wife was doing some questionable surfing and downloading (free
>> > scrapbooking content, of all things), and after encountering a highly
>> > suspicious website, I now get the following message:
>> >
>> > The application or DLL C:\Windows\System32\zigulavo.dll is not a valid
>> > Windows image. Please check this against your installation diskette.
>> >
>> > I get the same message for every application that loads at startup, or
>> > every
>> > time I launch a new application. I have to click OK about 25 times
>> > every
>> > time I startup. My AVG Antivirus and Webroot Spysweeper tells me I
>> > have
>> > no
>> > malicious software, but given the timing of all this, I am dubious.
>> > I'm
>> > waiting for the delivery of an external hard drive to back up my data,
>> > and
>> > go through a clean install, but I would like to avoid that step, if
>> > someone could tell me an easier way to fix this problem.
>>
>> You're definitely infected, probably with a Vundo trojan.
>>
>> Go through these general malware removal steps systematically -
>> http://www.elephantboycomputers.com/...moving_Malware
>>
>> Include scanning with David Lipman's Multi_AV and follow instructions to
>> do
>> all scans in Safe Mode. Please see the special Notes regarding using
>> Multi_AV in Vista.
>>
>> http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
>> http://tinyurl.com/yoeru3 - download link and more instructions
>>
>> These may work for you and all may be well. However, in many cases the
>> computer is also infected with Zlob and/or Vundo trojans and protected by
>> a
>> rootkit. These machines are extremely difficult to clean.
>>
>> If your machine is one of these cases, either get guided help at one of
>> the
>> specialty forums below OR back up your data and do a clean install of
>> Windows. It is your choice.
>>
>> PLEASE DO NOT POST LOGS IN THE MS NEWSGROUPS.
>>
>> http://aumha.org/downloads/hijackthis.zip
>> http://aumha.net/ - Click on the HijackThis forum. Read the announcement
>> and
>> the stickies *first*.
>> http://www.atribune.org/forums/index.php?showforum=9
>> http://aumha.net/viewforum.php?f=30
>> http://www.bleepingcomputer.com/forums/forum22.html
>> http://www.dslreports.com/forum/cleanup
>> http://www.cybertechhelp.com/forums/...splay.php?f=25
>> http://www.geekstogo.com/forum/Malwa..._Here-f37.html
>> http://www.malwarebytes.org/forums/i...hp?showforum=7
>> http://gladiator-antivirus.com/forum...?showforum=170
>> http://spywarewarrior.com/viewforum.php?f=5
>> http://forums.techguy.org/54-security/
>> http://forums.tomcoyote.org/
>> http://www.thespykiller.co.uk/index.php?board=3.0
>> http://forums.subratam.org/index.php?showforum=7
>>
>> Malke
>> --
>> MS-MVP
>> Elephant Boy Computers - Don't Panic!
>> FAQ - http://www.elephantboycomputers.com/#FAQ
>>
>>
Backup the your personal data first. Make certain that you have a CD with
the chipset drivers (get them from the manufacturer of your laptop). Do a
clean install with your XP CD. I believe that the XP CD only reformats the
partition which contains XP. If this is correct, then you need a 3rd party
utility which wipes the whole disk. I have no recommendation here.
Jim