boot.ini deleted every time Windows boots

AVG and Kaspersky don't see any infections. Nothing suspicious in startup/Hijackthis. Bootcfg /rebuild will recreate the boot.ini then Windows will boot once, but when I get into Windows there is no boot.ini. So of course if I reboot I get the HAL.DLL error due to no boot.ini. Even made a boot.ini on another system with only read permissions and still got deleted. Anyone seen a virus that does this or know where the line might be that is deleting it? Searched registry, win.ini, and system.ini.
LVL 2
DominionTechAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

 
spamsterCommented:
I've never ran across this, but I would try disabling all non-Microsoft services and startup items (msconfig) and then reboot to see if it still gets deleted. That would rule out a rogue service or most startup apps.
0

Experts Exchange Solution brought to you by ConnectWise

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
 
FatMancCommented:
Have you checked the event log for hardware errors? Perhaps run a chkdsk to ensure the integrity of the drive too.

Thanks
John
0
 
tntmaxCommented:
Yeah, we just had someone who kept losing a different file each boot, and it was due to a dying hard drive.
0
 
DominionTechAuthor Commented:
Found it! ASKUpgrade service. Was hiding itself from Hijackthis. Disabled it in msconfig(thanks spamster) and now boot.ini is still there when I reboot. Couldn't find very much information on the service, even reported as non-malicious toolbar... But after svchost spiked the CPU to %100 I knew it had to be a service. Going to see if Spybot or Malwarebytes detects and traces of it. Why would spyware toolbar want to delete boot.ini? Sort of defeats the purpose if you can't boot....
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.