PC not starting after ComboFix

I ran ComboFix today, not to fix any specific problem, just as part of general maintenance. I do this most weeks as I do with AdAware, Spybot & several other programmes.
At the end, ComboFix reported that it was deleting 2 files but too fast for me to read, then it rebooted.

Now my PC gets as far as the splash screen then reboots, it will do this continuously. It does the same if I try to start in safe mode.

Am I looking at a comlete reinstall of Windows or do you think I can recover from this somehow. I'm not too phased by a reinstall as all my data is on a separate drive but there are some e-mails I would like to save if I can.

Win XP Pro SP2
P4 3GHz
2Gb RAM
200 + 250Gb SATA HDDs

 

G'day.

You could try a repair from your XP CD (put it in and select Repair option - I think you should be able to do that).

Keep in mind that this might actually be a hardware problem, or some unrelated software problem that has coincidentally raised its ugly head just when you ran Combofix. Think about connections, RAM, etc.

Maybe install the HDD as a slave (in another PC, or in your own if you have another HDD) and see what you can do from there. You might run chkdsk on the problem HDD to make sure it's ok. You might also be able to find a record of what Combofix did - is there a log, for example?

You could also try using a boot disc to get started.

(You could at least copy your email data file if you connect your HDD as a slave, or get in by one of the other methods. I don't actually think you would lose this by reinstalling Windows anyway.)

 

Thanks for the advice, I'll try the repair first & hope that does it.
I've also ordered one of these leads, http://www.amazon.co.uk/SATA-Adapter-Power-5-25-Drive/dp/B001A5SK56/ref=sr_1_1?ie=UTF8&m=AR1G4ZXDBWAI7&s=generic&qid=1259017729&sr=1-1 so that, hopefully, I can connect my C drive to my laptop & extract my e-mails.

 

OK. Interested to see how it turns out.

 

When in restore run the following commands. usually always help startup issues:
fixmbr
fixboot
chkdsk

 

A recent update of ComboFix has detected pciide.sys and moved it to the Qoobox folder: It is a false positive. Restore the file from Qoobox or from another source.
See the following post by Grinler:
http://www.bleepingcomputer.com/forums/index.php?s=&showtopic=273050&view=findpost&p=1510458
Quote:
Yup this was a FP that was addressed.

QUOTE
Please do not delete this thread, as i would like people to know that if they restore the C:\Windows\System32\Drivers\pciide.sys file that combofix quarantined and deleted, their system may have a chance to come back to life.


This is absolutely correct. Just replace the pciide.sys file and the computer will boot up normally again. This should work 100%.

 

I've got my drive connection kit which works well & I can now access my PC 'C' drive using my laptop.

I can see that the PCIDE.SYS file is still in System32 & the Qoobox folder is empty so that is not the problem.

I was hoping to copy the Thunderbird Profiles folder to rescue my e-mails but I have run into a problem there. My laptop lets me search the PC hard drive but says I do not have permission to access the Application Data folder, how do I overcome this?

 

You need to boot to the usb hard drive.
Open up setup (a.k.a. bios) and go to boot order. make sure USB devices is before hard drive. If USB devices is not an option, go to boot options or whatever it is called. Then select USB device. You can then log in as if it were your original computer, and copy whatever data you wish to the laptop hard drive.

 

I tried this but, unfortunately, I get the same problem I originally posted. The laptop tries to boot from the XP OS on the PC HDD, gets to the splash screen, then reboots.

 

Just a thought, could my access problems from the laptop be because it runs Vista? That seems to need permission to run everything.

 

Thanks for the info on the possible ComboFix problem. That comes as a surprise: I was sure we were on a "winner" with that one. However, I remain suspicious that the Qoobox folder is actually empty, since you reported that ComboFix was deleting files ... they "should" be in Qoobox!

The key phrase here is "take ownership" (and this is not soley related to Vista; it happens with XP too).
Try a google search of vista "take ownership" and you will get lots of relevant results, two of which I include for you here ...
Vista - Take Ownership of file
http://www.vistax64.com/tutorials/67717-take-ownership-file.html
How to Take Ownership and Full Control Permissions of Files and Folders in Vista
http://www.tipandtrick.net/2008/how...ol-permissions-of-files-and-folders-in-vista/

I do not have much to do with Vista, but when I have, I have used a downloaded registry file, to take care of the problem, and I include a link to this also ...
How to Add Take Ownership to the Context Menu in Vista
http://www.vistax64.com/tutorials/112795-context-menu-take-ownership.html

 

Thanks for the links, I'll try that when I get home. The 'take ownership' reg file looks very useful.

 

Please check what you have stated here.

You are looking for the pciide.sys file.
You need to look in the drivers folder
C:\Windows\System32\Drivers\pciide.sys

 

My mistake, it is PCIIDE.SYS that I checked for & it is in the drivers folder.

 

I've been a bit lazy about getting round to addressing this problem but have finally got back to it. The advice given here has allowed me to access my PC hard drive through my laptop & retrieve the e-mail folders I was most concerned about.
I now have the original problem of trying to get my PC running again. I booted the PC with the XP disk in & Windows started OK. I noticed that ComboFix popped up saying that I should wait whilst it completed actions but this just hung for ages. Whilst waiting for this I updated AdAware, SpyBot & System Mechanic then, whilst I wasn't watching, the PC shut down.
Now, with the XP disk still in, the machine does what it was doing before, it boots as far as the Windows splash screen then reboots. I don't get the chance to repair or reinstall.

 

I get the message 'press any key to boot from CD' but I've just thought whilst writing this that my keyboard is a cordless one. If the USB drivers have not loaded then my pressing keys will not do anything, I'll try again with a ps2 keyboard then perhaps I'll get the option blue screen as you describe.