# Could not load the DLL Library



## KimyKins007 (Nov 13, 2004)

Getting the following message whenever I try to install any & all downloads:
Could not load the DLL Library
C:\windows\TEMP\GLF1F2.TMP
One of the library files needed to run this application cannot be found.

*Download completes. I click the desktop icon to start the installation process ... it starts & almost finishes but then the error msg pops up & then I usually have to restart my pc to get out of it.
**Please help .... kiddos are driving me crazy wanting "MOM" to fix this. I can't possibly tell them that I don't have a clue!  

Thanks for any/all help.


----------



## dc57 (Oct 13, 2003)

Do a search for "C:\windows\TEMP\GLF1F2.TMP" and see if it exists. If so, try deleting it and then resart your computer and try to install the program.


----------



## JSntgRvr (Jul 1, 2003)

This is due to Malware. Download and run Hijackthis, and post a copy of the saved log in a reply:

http://www.majorgeeks.com/download3155.html


----------



## KimyKins007 (Nov 13, 2004)

JSntgRvr said:


> This is due to Malware. Download and run Hijackthis, and post a copy of the saved log in a reply:
> 
> http://www.majorgeeks.com/download3155.html


Logfile of HijackThis v1.98.2
Scan saved at 2:54:16 PM, on 11/14/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YBRWICON.EXE
C:\PROGRAM FILES\SBC YAHOO!\CONNECTION
MANAGER\CONNECTIONMANAGER.EXE
C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\IP
INSIGHT\IPMON32.EXE
C:\PROGRAM FILES\WINAD CLIENT\WINAD.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\COOKIE WASHER\AOLWASHER.EXE
C:\PROGRAM FILES\EZULA\MMOD.EXE
C:\PROGRAM FILES\WEB OFFER\WO.EXE
C:\PROGRAM FILES\WINAD CLIENT\WINCLT.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YCOMMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\RSRCMTR.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\IP
INSIGHT\IPCLIENT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YBROWSER.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydial/*http://www.yahoo.com/searc
h/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydial/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dial
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://yahoo.sbc.com/dial
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydial/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydial/*http://www.yahoo.com/searc
h/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydial/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dial
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydial/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} -
(no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} -
(no file)
R3 - URLSearchHook: IncrediFindBHO Class -
{5D60FF48-95BE-4956-B4C6-6BB168A70310} -
C:\PROGRA~1\INCRED~2\BHO\INCFIN~1.DLL
F1 - win.ini: run=hpfsched
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 66.250.171.163 sitefinder.verisign.com
O1 - Hosts: 66.250.171.163 ssitefinder-idn.verisign.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_1_6_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\PROGRAM FILES\ADOBE\ACROBAT
5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: jimmyhelp.CBrowserHelper - {035EA9DA-F712-4741-8B23-D47F71706304}
- C:\WINDOWS\QQRO.DLL
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} -
C:\WINDOWS\NEM219.DLL (file missing)
O2 - BHO: F1 Organizer Class - {00000EF1-0786-4633-87C6-1AA7A44296DA} -
C:\WINDOWS\SYSTEM\ATPART~1.DLL
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} -
C:\PROGRA~1\INCRED~2\BHO\INCFIN~1.DLL
O2 - BHO: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} -
C:\Program Files\QuickSearch\QuickSearchBar1_27.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -
C:\Program Files\NewDotNet\newdotnet6_38.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} -
C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_1_6_0.DLL
O3 - Toolbar: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252}
- C:\Program Files\QuickSearch\QuickSearchBar1_27.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [SBC Yahoo! Connection Manager] "C:\Program Files\SBC
Yahoo!\Connection Manager\ConnectionManager.exe"
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\PROGRAM FILES\SBC
YAHOO!\CONNECTION MANAGER\IP INSIGHT\IPMon32.exe"
O4 - HKLM\..\Run: [Winad Client] C:\PROGRAM FILES\WINAD CLIENT\WINAD.EXE
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32
C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKCU\..\Run: [ccWasher] C:\Program Files\Cookie Washer\aolwasher.exe /0
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program
Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program
Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL
TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} -
C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O9 - Extra 'Tools' menuitem: AOL Toolbar -
{4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL
TOOLBAR\TOOLBAR.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -
C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
{4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM
FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} -
C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Login -
{2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM
FILES\YAHOO!\COMMON\YLOGIN.DLL
O10 - Hijacked Internet access by New.Net
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B}
(QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {E04EAE82-14AD-41CB-BF5A-45556ABB8347} (WebCoachDownload
Class) - http://esupport.aol.com/help/engine/aolcinst.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
- http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) -
http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) -
http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
http://public.windupdates.com/get_file.php?bt=ie&p=d5ce257857a083868c1f4672b0407c8b9
379fe5496c0e7d74dd5b79e931ad6d6d9b0f3669e53e51b8fba848fa8088c3fc64cb0edfedca2
87d6c4c1b056f368:c05c8ac2b23f939ff11a0351cafa03db

**not sure if I did this right. Thanks so much for your help. Sorry it took so long to get this done but after I posted, yesterday, my pc crashed & I just now got it back up. Once again, THANK YOU!


----------



## KimyKins007 (Nov 13, 2004)

Ran a search. The file was NOT located. Thanks for your help.


----------



## tracer357#1 (Jul 19, 2004)

KimyKins007 said:


> Ran a search. The file was NOT located. Thanks for your help.


try removing your "temp. internet files & cookies".
also "aolwasher" can case problems it's a tracking program that aol uses.
plus "newdotnet" remove that also it's a spyware program.


----------



## JSntgRvr (Jul 1, 2003)

Your computer is infected with malware. New.Net, Ezula, Web Offers and WinAd Client are Spyware. They can be removed following these 
instructions:

Have Hijackthis fix the following:

C:\PROGRAM FILES\WINAD CLIENT\WINAD.EXE
C:\PROGRAM FILES\EZULA\MMOD.EXE
C:\PROGRAM FILES\WINAD CLIENT\WINCLT.EXE
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} -
(no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} -
(no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} -
C:\WINDOWS\NEM219.DLL (file missing)
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -
C:\Program Files\NewDotNet\newdotnet6_38.dll
O4 - HKLM\..\Run: [Winad Client] C:\PROGRAM FILES\WINAD CLIENT\WINAD.EXE
O4 - HKLM\..\Run: [New.net Startup] rundll32
C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O10 - Hijacked Internet access by New.Net
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing

Download and run the following Programs:

CWShredder

http://www.majorgeeks.com/download4086.html

Adaware (Update this program online prior to the scan)

http://www.lavasoftusa.com/support/download/

Spybot Search and destroy: (Update this program online prior to the scan)

http://spybot.eon.net.au/en/download/index.html

Remove all spy and adware found.

To make sure these are removed completely follow these steps:

1) From the Windows Start button select Settings and then Control Panel.

2) When the Control Panel window opens, double-click on the Add/Remove Programs icon.

3) When the Add/Remove Programs Properties window opens, locate New.Net in the list of installed programs. Select it and then click on the Add/Remove button. Perform the same process for Winad Client.

4) Follow the on screen instructions

5) Perform the same process for Winad Client, Web Offers and Ezula.

6) Search for thesse File names and delete:

Newdotnet3_88.dkk
Nnezt388.exe
winad.exe
winad2.dll
WNAD.EXE
WNAD.DAT
WNAD-UPDATE.EXE

7) Using Windows Explorer, Delete the folder C:\Program Files\NewDotNet, C:\Program Files\Ezula, C:\Program Files\Web Offers, C:\Program Files\Winad Client.

8) Run regedit. Browse to the following registry key:

Note: Backup the registry to the Desktop prior to any modification by selecting Registry from the Registry Editor's menu, then Export. Select Desktop as the location to be saved.)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

9) on the right pane delete the New.net startup, WNAD and the Winad Client items.

10) Also delete the following registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
\Uninstall\New.net 
HKEY_LOCAL_MACHINE\SOFTWARE\New.net 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2
\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004 
HKEY_CLASSES_ROOT\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E 
HKEY_CLASSES_ROOT\Tldctl2.URLLink 
HKEY_CLASSES_ROOT\Tldctl2.URLLink.1 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID
\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Tldctl2.URLLink 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Tldctl2.URLLink.1 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
\Explorer\Browser Helper Objects\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
HKEY_CLASSES_ROOT\clsid\{53d3c442-8fee-4784-9a21-6297d39613f0}
HKEY_LOCAL_MACHINE\software\classes\clsid\{53d3c442-8fee-4784-9a21-6297d39613f0}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{53d3c442-8fee-4784-9a21-6297d39613f0}

11) Unregister DLLs:

Go to Start, then Run, type Regsrv32 /u tartwinad2.dll and click OK.

12) Search for the Hosts file and open this file with Notepad. Remove the following hosts from the file if exists:

127.0.0.3 allforadult.com
127.0.0.3 www.allforadult.com
127.0.0.3 www.iframe.biz
127.0.0.3 iframe.biz
127.0.0.3 www.newiframe.biz
127.0.0.3 newiframe.biz
127.0.0.3 www.vesbiz.biz
127.0.0.3 vesbiz.biz
127.0.0.3 www.pizdato.biz
127.0.0.3 pizdato.biz
127.0.0.3 www.aaasexypics.com
127.0.0.3 aaasexypics.com
127.0.0.3 www.virgin-tgp.net
127.0.0.3 virgin-tgp.net

After completing this process, run Hijackhis and post a new log.


----------

