[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3594
  • Last Modified:

Hal.dll file missing - Problem fixed -- Want Explanation

I have had the problem that so many others have apparently had -- the hal.dll file goes missing and Windows XP won't boot up.  The first time this happened I attempted a repair install and the system was incredibly unstable.  I couldn't get it stabilized with a mixture of problems including hangs, crashes, and user account issues.  I then did a complete reformat, at great loss to myself, but the system was back in full order.  I installed a copy of Sonic MyDVD that was issued as OEM with the laptop in question and it hung while burning a DVD.  On reboot, the damn hal.dll has got itself lost again.  I did a little more research this time as I was relatively accustomed to the problem by now, not something you really want to be accustomed with, but I tried, in the recovery console, to expand the file off my Windows XP CD but it responded angrily and refused to comply.  I then copied the file to system32 and tried to expand from there but it wasn't having that either.  I ran a dir scan of c:\WINDOWS\System32 and found both the hal.dl_  and hal.dll files present, deleted them both, and ran the process again, checked the system32 dir and hal.dll was there but the system would still not reboot.  So I ran bootcfg /list and, to my surprise, no boot.ini present.  So a simple bootcfg /rebuild and BOOM -- system back up and running.  So now that I have found the problem, the question would be, WHY?  As I've said, the hal.dll has gone missing three times now, and each time was under different circumstances.  It hasn't been the same software uninstall or really anything similar the times that it's happened.  I have ran chkdsk and several other 3rd party hdd scans and am confident that my hardware is in good condition.  What is it that's causing the loss of my boot.ini file and the hal.dll issue.  I have read many articles and seen many forums on this but nothing that seems similar to my problem (the others were usually bad uninstallers or failing hardware).  Anybody catching anything in what I've described here that you think might be the culprit?
0
BlckBlt2
Asked:
BlckBlt2
  • 14
  • 11
  • 2
2 Solutions
 
nobusCommented:
a rootkit maybe? try rootkit revealer :  www.sysinternals.com/Utilities/RootkitRevealer.html
...and check also for unknown processes running with processExplorer  :   www.sysinternals.com/Utilities/ProcessExplorer.html 
0
 
BlckBlt2Author Commented:
I should go ahead and add just in case -- I have run the usual gambit of anti-virus and spyware scans (spybot, ad-aware, Ewido, McAfee, Spython), as well as regularly checking Sysinternals Process Explorer.  I'm reading up on the Rootkit Revealer -- haven't run that but will, just trying to save anybody some time if they were gonna post to do the above.
0
 
nobusCommented:
instead of rrotkit revealer, you can also boot from a bootable cd, and inspect your disk (root) - knoppix is good for that :    www.knoppix.org
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
BlckBlt2Author Commented:
I'm new to knoppix -- never used it myself but heard it thrown around a couple of times but I thought that was a linux based boot cd -- does it just provide an interface to boot into to allow access to the hdd?
0
 
nobusCommented:
it is a bootable linux based cd, that gives you access to your hardware, in a +/-windows like environment.
It is great for determining if the hardware is causing a problem or soft.
0
 
e_sandrsCommented:
Just a double-check that you have run troubleshooting against *all* your hardware.  From you description it sounds like you may have just checked your HDD.  RAM would be the other main thing that needs troubleshooting (ok, and CPU - but RAM is the next most probable culprit).

http://www.memtest86.com/
0
 
BlckBlt2Author Commented:
Have run hardware checks and everything came up fine -- I went through hell getting the RAM that I have at the price I paid -- upgraded from the 512 the laptop came with to 2GB about six months ago -- bought corsair from a wholesaler friend of mine at $150 .... was gonna go for Mushkin or Crucial but Dell's are picky about what they will and won't work with.  Anyway, the hardware looks fine -- I'm gonna go ahead and run the memtest boot and check again but lemme ask you this -- with a reformat of the hard drive -- that's not just resetting the registry and system files like a repair install -- a reformat should get rid of any kind of rootkit that might have gotten in right?
0
 
BlckBlt2Author Commented:
The deal is that whatever might be causing it -- once I reformatted the Hdd and got everything back up and running the system is GREAT.  Just like new.  It wasn't until I got about 30GB of my stuff back that it happened again.  Rebuilt the boot.ini and bam -- I was back and running like a wild horse.  There was no performance loss in between those two times.
0
 
e_sandrsCommented:
A full reformat and reinstallation should get rid of *nearly any* rootkit that might have been installed.  Theoretically, something could be written outside of the normal hdd write area and survive a standard reformat (although I think it'd still need something to get reinstalled inside your system to call the surviving code).

There is talk in security circles about rootkit malware that will essentially "boot" before windows does and then run windows "under" the rootkit as a kind of "virtual machine/ host OS".  I don't think any of that is really going on yet.

I guess the most complete way to wipe a disk would be to use the BIOS to alter your boot order to a CD drive first, boot a CD with a drive wiping program, and run a full HDD wipe from that interface - but we're getting into the realm of Black Helicopters and Aluminum Foil Beanies (http://zapatopi.net/afdb/) once we're worring about that, IMO.

A standard reformat/reinstall will clean any rootkit type programs installed.
0
 
BlckBlt2Author Commented:
The deal is that whatever might be causing it -- once I reformatted the Hdd and got everything back up and running the system is GREAT.  Just like new.  It wasn't until I got about 30GB of my stuff back that it happened again.  Rebuilt the boot.ini and bam -- I was back and running like a wild horse.  There was no performance loss in between those two times.
0
 
BlckBlt2Author Commented:
First off, and most importantly in my opinion, where in the hell did you find that website.  That is the most well made and professional looking website for psychopaths that I've ever come across.  I haven't even seen something like that come up with Firefox's "stumble upon".  Secondly, Let's assume the hardware is not an issue.  Let's say it's some sort of software problem.  I run a "smart-uninstaller" that searches the registry and the hdd for any files that came along with or was in connection to the software after the initial uninstallation.  I always check the files before deleting them so I know it's not an accidental deletion on my part.  The program also re-writes the space that software was on with DOD standards and I give it 2 runs.  So, the two things I've read that causes the hal.dll problem is bad uninstallers and hdd problems.  If my hardware is fine, and I'm comfortable it is, and the secondary files are not being left on the system to cause problems, then the pre-coded uninstaller would have to be deleting part or all of the boot.ini (the hal.dll).  This is assuming that, as you agree above, any rootkit or essentially any malware that would be doing this would be gone with the reformat and if it's coming with software then it has to be something that's coded to the program because adware/spyware is scanned for everytime I download anything before unpacking and again before installation.  I'm rambling but I've gotten to where I'm dry heaving ideas.  I got nothing else that I can think of.  I figure that some software companies would program a condition into their software that detects a web-posted serial number or improperly generated key but I know that definitely wouldn't apply to me.  
0
 
BlckBlt2Author Commented:
The deal is that whatever might be causing it -- once I reformatted the Hdd and got everything back up and running the system is GREAT.  Just like new.  It wasn't until I got about 30GB of my stuff back that it happened again.  Rebuilt the boot.ini and bam -- I was back and running like a wild horse.  There was no performance loss in between those two times.
0
 
nobusCommented:
>>   It wasn't until I got about 30GB of my stuff back   <<  you mean after you copy your backup data it happens? then there is the source.
0
 
nobusCommented:
i would copy it back in parts, and test after each part, to narrow down the problem source
0
 
BlckBlt2Author Commented:
nah, the backups were mostly compressed applications and music, the music I put back on but the apps I went the hard way and got most of them back from the manufacturer for that exact reason
0
 
nobusCommented:
then i don't understand your previous post. . .
0
 
BlckBlt2Author Commented:
the 30GB of stuff that I loaded back was not neccesarily the original programs and data that I had on before -- it was sort of a process of going through and loading things that I knew were trustworthy and then loading about two or three more apps a day but I was downloading them from their source -- not loading them from the backup cd -- I was using the cd as a guide to remember all the crap I had on there to begin with -- but I do agree with you though that it's likely one of the programs that is causing the problem -- is it just a matter of wait and see which makes it happen again or is there someway to find out when and how these files got deleted.  I mean, I checked all the system and event logs and everything after this time since I didn't have to re-install the OS or anything but there was nothing I could find
0
 
nobusCommented:
>>   is it just a matter of wait and see which makes it happen again   <<  right now i would not know of another way.
unless you post the site links, and we find unreliable ones; and even then . . .
0
 
BlckBlt2Author Commented:
Yeah, sounds about right -- all the stuff is reliable - it's not off of freeware sites or individually written programs or anything.  I don't know -- just have to do a whole diagnostic install process I suppose
0
 
nobusCommented:
i would recommend to have a virus scanner, Adaware, and spybot installed, all updated, and spybot set to immunize your disk. that works for me during the past years.
0
 
BlckBlt2Author Commented:
Oh yeah, trust me, I got a fort knox of security set up here -- that's why this is bothering me so bad.  I got McAfee running all the time and ewido guard just in the background.  spython check every three days, spybot check every other day and McAfee scan every shutdown.  I run Ewido full system whenever it comes to mind.  Just a little paranoia but what the hell.  On top of that and just for the hell of it, I also got all my ports fully stealthed and I run through a proxy server whenever I get onto a site or network I don't trust.  I know that an infection can still happen but in the scheme of things, that's why I said at the beginning that all this was done and I'm pretty confident that it's not an infection of any kind.    
0
 
nobusCommented:
>>  fort knox of security   <<   that's for sure - and does your pc run still?
0
 
BlckBlt2Author Commented:
oh yeah, run's better than it did when I first got it to be honest -- download speed, video editing, powerpoint video construction, everything
0
 
nobusCommented:
some things that are good to hear - do you have any more Q's?
0
 
BlckBlt2Author Commented:
No, really just wanted to have someone concur with what I was thinking -- being a software issue seperate from the machine itself.  Appreciate you sticking with me bud
0
 
BlckBlt2Author Commented:
I'm gonna split the points between you and e_sandrs up there
0
 
nobusCommented:
No problem ! Have a nice day !
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

  • 14
  • 11
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now