UKC

I've been trying to sort out a Windows Vista problem for a relative but it's got me stumped, so once again I turn to UKC, which should make absolutely no sense whatsoever yet based on past experience will probably be my best chance at fixing this.

The problem is on a laptop running Vista 32 bit. It came pre-installed with no Windows installation discs. You boot it up, it gets as far as playing the Windows sound and displaying the 'Welcome' screen, the circular timer icon whirrs away for a few seconds and then the screen fades to black as if it's about to display the Desktop as usual, but instead the Desktop never appears, the screen remains black and the 'Windows Explorer has stopped working' error message box is displayed. The only option it gives is 'Close program'.

I can still access Task Manager, but that's it. So far I've tried the following:

-Booting up in Safe Mode (exactly the same issue)
-Manually running explorer.exe from Task Manager (it runs for a few seconds and then gives the same error)
-Booting using 'Last Known Good Configuration' (same issue)
-Windows Startup Repair (no problems found, same issue)
-Windows System Restore (no restore points found)
-Windows Memory Diagnostic Tool (no problems found)
-Running chkdsk (no problems found)
-Checking that the only value in HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWinlogonShell is explorer.exe
-Running sfc /scannnow from the command prompt (it gets to 82% and then errors with "Windows Resource Protection could not perform requested operation")
-Copying explorer.exe from the dllcache directory (directory not found)

Does anybody have any other idea as to how I can fix this short of getting hold of another copy of Windows and doing a clean install?

In reply to Foxache:

Most wondows laptops have windows on a recovery partition on the hard drive. If you press F8 or similar (depends on make of laptop) at start up it allows you to acess the recovery partition for a clean install.

In reply to Foxache:
Once you boot and explorer crashes can you ctrl alt del and start it as a new task? Either with explorer.exe or just a '.' without the quotes?

Personally I'd just grab a copy of win7 black and install that from a usb stick. Prob take the same amount of time as fixing the issue will end up taking and you end up with a clean install to boot.

Could try this one too: http://ccm.net/forum/affich-9082-explorer-exe-corrupted-or-infected

Yeah I already tried all three of those suggestions yesterday, but no joy

There's nothing on the recovery partition, manually starting explorer.exe from the Task Manager just gives the same error as when I boot, and the thread that link points to gives instructions on removing a couple of registry entries which I'd already done (although I forgot to mention that in my first post).

In reply to Foxache:

This is one of those tip of the iceberg things I reckon. I'd just reinstall windows.

Torrent win7 black if the relatives can't afford a licence, it'll upgrade to legit win10 in a few months anyway. Plus gets them away from vista.

The likely cause is you have a piece of malicious software which has "hooked" onto the operating system core files somewhere.

It is worth a shot but you can first reset your winsock stack to remove any malicious network components:

Open a command prompt as administrator (right click):

run both these commands.

netsh winsock reset
netsh int ip reset reset

Also you might want to run some "rootkit" removers:

https://www.malwarebytes.org/antirootkit
http://www.mcafee.com/uk/downloads/free-tools/rootkitremover.aspx
http://usa.kaspersky.com/downloads/TDSSKiller

In reply to Milesy:

Explorer doesn't interact with the network stack, though I reckon you're right about it being malware.

In reply to Removed User:

Yes it does. Why do you think you can hit a web page directly through an explorer window. Microsoft was never able to separate windows explorer with internet explorer. The underlying libraries are linked fairly tight. I have solved many explorer / winsock issues in my days. Rootkits have taken over as preferred infection / reinfection methods but winsock still gets hit often.

In reply to Milesy:

Thanks. I'll give those commands a try. I did suspect malware because I always used to scan it every time I went to visit them, but I haven't been able to do it for ages so it'll have probably ended up riddled with all sorts.

How can I run the rootkit removers though? Will I have to boot from a USB stick and do it off there?

Boot in safe mode, open task manager - then file > new task - and browse to the files to run.

If the file is corrupt itself then you might also want to try a system file checker scan from a command prompt:

sfc /scannow

In reply to Removed User:

MS have said that dodgy versions of Windows won't get an upgrade without paying for a key.

In reply to whenry:

Bootloaded versions of win7 display as being active copies and so get the upgrade. It's not manually done by entering the key somewhere, it's a software check that's easily bypassed. Not sure why people would bother though tbh, just pirate win10 if that's the intent.

In reply to Foxache:

As your original post used the words 'fixing' and 'windows vista' in the same sentence I'm afraid to tell you it can't be done

In reply to Milesy:

How do I get them onto the laptop though?

Already tried sfc /scannow and every time it fails at 82% (see first post).