Solved Compromised Logon facility, caused by Stardock

I'd read so many postings about people using Stardock to update their logon screen background image with Vista, so I thought I'd give it a try. Well... bad move for me.

The first thing I noticed when logging on is that my fingerprint reader icon lacked any text below it. Normally there is a status message. Second, when I initiated logon, there would be a delay, caused by a screen fade out, a brief reveal of the previous screen, then transition to the desktop. What would greet me here is a Windows error message:

"Windows Logon User Interace Host as stopped responding".

Clicking on the request to resolve the problem would turn up nothing. Otherwise, my interface would appear normal.

In the Event viewer, I found the following:
"Event ID: 1000
Faulting application LogonUI.exe, version 6.0.6001.18000, time stamp 0x4791960d, faulting module authui.dll, version 6.0.6002.18005, time stamp 0x49e040d2, exception code 0xc0000005, fault offset 0x0000000000037ef7, process id 0x124, application start time 0x01cd2fc2a3d80a90."

When I uninstalled Stardock, the problem persisted. By the way, Stardock Impulse, Bootskin and Logon Studio had installed with an error message, but the final result appeared functional. Uninstalling resulted in an error, but the program files disappeared. I think Impulse screwed up my system somehow.

The only thing I could do was to restore to a previous system save point. That worked. However, I stupidly tried the Stardock install again after updating my Windows system and correcting some minor SFC errors. Why stupid? Well, I had uninstalled a few other programs and by the time I discovered that my 2nd attempt at installing Stardock resulted in the same problem, I lost my "no Stardock" restore point.

Now I appear to be screwed. :eek:

Is there any way I can manually repair the damage that this crappy piece of software did to my Vista x64 system, without having to spend an entire day at it? Or... will I have to resort to reapplying SP2 and reloading all of the system updates Microsoft has issued since then?

Help!

It appears that you may have to reinstall the updates, but others may have another solution. For the future, buy yourself an external hard drive. Once a month make an image of your hard drive with Macrium Reflect FREE Edition - Information and download.
In the event of any problem you can just reinstall the image. I lost everything due to updates, but I was saved by Macrium.
Hopefully, you will get the help that you need, now, from another.

Usually when you install software, a restore point is made, you should have that one.

Have you tried going into the registry- HKey_Local_Machine, Software and deleting the offending program?

You could also run msconfig.exe and look for it in the Startup tab.

Yeah, I have an external hard drive that is running out of free space. But I will look into getting a new one and doing periodic disk imaging.

Meanwhile... I've discovered that my situation is worse. I can ONLY logon via the fingerprint reader. When I try to click on my icon and log in by typing a password, I never get the fields. The screen refreshes back to the locked display.

I did go into the HKEY_LOCAL_MACHINE and find traces of Stardock references and delete them, but this has not solved the problem.
Is there some kind of diagnostic system repair facility in Vista? I have a feeling I need all of my system files refreshed now...

If you can get a Vista install CD, a repair install will work
If you cannot
Make an SFC and give us a screen shot of the CBS Log.
SFC make fix some errors too.
http://www.vistax64.com/tutorials/66978-system-files-sfc-command.html

Yes, I did run the SFC command and it fixed a few problems, but nothing that appeared related:


2012-05-12 14:47:01, Info CSI 00000303 [SR] Repairing corrupted file [ml:520{260},l:64{32}]"\??\C:\Windows\PolicyDefinitions"\[l:24{12}]"inetres.admx" from store
2012-05-12 14:47:02, Info CSI 00000306 [SR] Repairing corrupted file [ml:520{260},l:58{29}]"\??\C:\Windows\System32\en-US"\[l:30{15}]"winload.exe.mui" from store
2012-05-12 14:47:02, Info CSI 00000308 [SR] Repairing corrupted file [ml:520{260},l:76{38}]"\??\C:\Windows\PolicyDefinitions\en-US"\[l:24{12}]"InetRes.adml" from store
2012-05-12 14:47:02, Info CSI 0000030b [SR] Repair complete
2012-05-12 14:47:02, Info CSI 0000030c [SR] Committing transaction
2012-05-12 14:47:03, Info CSI 00000310 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired


I don't have original install disks, but I do have recovery disks. I'll have to set aside some time on Monday to delve into that tedious task. Still boggles my mind how Stardock could mess up someone's system like this, when all it achieves is to replace a silly background image.

I ran SFC scannow, then rebooted, and the problem still persists. What's even more perplexing, is that running SFC scannow yet again results in the following appearing in the CBS log:


2012-05-14 01:02:09, Info CSI 000002fc [SR] Repairing 3 components
2012-05-14 01:02:09, Info CSI 000002fd [SR] Beginning Verify and Repair transaction
2012-05-14 01:02:10, Info CSI 000002ff [SR] Repairing corrupted file [ml:520{260},l:64{32}]"\??\C:\Windows\PolicyDefinitions"\[l:24{12}]"inetres.admx" from store
2012-05-14 01:02:10, Info CSI 00000302 [SR] Repairing corrupted file [ml:520{260},l:58{29}]"\??\C:\Windows\System32\en-US"\[l:30{15}]"winload.exe.mui" from store
2012-05-14 01:02:10, Info CSI 00000304 [SR] Repairing corrupted file [ml:520{260},l:76{38}]"\??\C:\Windows\PolicyDefinitions\en-US"\[l:24{12}]"InetRes.adml" from store
2012-05-14 01:02:10, Info CSI 00000307 [SR] Repair complete
2012-05-14 01:02:10, Info CSI 00000308 [SR] Committing transaction
2012-05-14 01:02:11, Info CSI 0000030c [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired
2012-05-14 02:18:35, Info CSI 00000454 [SR] Repairing 2 components
2012-05-14 02:18:35, Info CSI 00000455 [SR] Beginning Verify and Repair transaction
2012-05-14 02:18:36, Info CSI 00000457 [SR] Repairing corrupted file [ml:520{260},l:64{32}]"\??\C:\Windows\PolicyDefinitions"\[l:24{12}]"inetres.admx" from store
2012-05-14 02:18:36, Info CSI 0000045a [SR] Repairing corrupted file [ml:520{260},l:76{38}]"\??\C:\Windows\PolicyDefinitions\en-US"\[l:24{12}]"InetRes.adml" from store
2012-05-14 02:18:36, Info CSI 0000045d [SR] Repair complete
2012-05-14 02:18:36, Info CSI 0000045e [SR] Committing transaction
2012-05-14 02:18:36, Info CSI 00000462 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired


So, despite the status saying repairs were complete and committed, they don't persist.


I can't roll back to a previous restore point prior to Stardock. Is there anything left for me to do? I do have original Vista rescue disks that I created from my system (I don't have original OEM disks, as they are not provided with the laptop). Is there a system repair facility in the rescue disk that can fix this kind of problem?

If you are willing to reinstall, then update all the SPs etc and take a chance that things may go wrong, I can help; interested?

richc46 said:

It appears that you may have to reinstall the updates, but others may have another solution. For the future, buy yourself an external hard drive. Once a month make an image of your hard drive with Macrium Reflect FREE Edition - Information and download.
In the event of any problem you can just reinstall the image. I lost everything due to updates, but I was saved by Macrium.
Hopefully, you will get the help that you need, now, from another.

Usually when you install software, a restore point is made, you should have that one.

Click to expand...

If interested, this is what I would do. Backup what you have, I have used Macrium and it could not have gone better. Then use this ISO and your product Key to reinstall
[Direct Download Links] Download Official, Original and Untouched Windows Vista RTM with SP1 Setup Files (32-bit and 64-bit) - Tweaking with Vishal
I cannot give any guanantees, except that if things go bad, Macrium, for me, worked like a charm

You have a hunch that a reinstall and following up with SP's may screw things up further?

In the past when I worked with Windows XP and encountered a system level problem not easily repaired, re-applying the latest SP usually fixed things up right. Are the odds of this working with Vista less likely?

I know there's also all the overhead of frequent updates applied... and Microsoft leaves those files behind in case of needing to uninstall the subsequently applied fixes. I wouldn't be surprised if lots of "junk" gets left behind.

There is one other thing... I have recently obtained an upgrade disc going from Home Premium to Ultimate. Is the upgrade invasive enough that many of the system files are refreshed? If so, then perhaps this may be the way to go.

No, I am saying any undertaking this big, has potential problems. I reinstalled once and used Macrium once, on Seven and had no problems.
I am not ignoring the rest of your post, just trying to get the reinstall option on the table, now. If it were me, Id take a chance, but make two back ups just in case, run at a low speed 2x and then verify. You should be ok.

One other thing...

I just realized I have a complete registry backup that I made back on May 2nd. It's a complete capture of HKEY primary branches CLASSES ROOT, CURRENT CONFIG, CURRENT USER, LOCAL MACHINE, and USERS.

Would it be worth trying to use these to rebuild my registry?

If you are willing to reinstall if things go wrong, I would try the registry, who knows.
This may be of help. too
http://www.vistax64.com/tutorials/151606-vista-sp1-slipstream-installation-dvd.html
You must reinstall your stuff and have a product key number.

Yes, I'd be OK with a reinstall if it doesn't.

"The registry is fundamental to Windows and is essentially the conductor of the bits-and-bytes orchestra that is the operating system." From what I can see, "LogonUI.exe" and "authid.dll" files are original, not some mangled versions copied in by Stardock. So, my suspicion is that Stardock did something funky with my registry that has the logon system all confused. Is that a fair assumption?

I have also downloaded Macrium and will see about doing a system back-up first before trying the registry rebuild.

Make two images with Macrium, slow speed (2x) and then verifiy both. If they are OK, you have nothing to lose. Things go bad, try the reinstall, if that fails you have the back up. Hey, Im as anxious as you, I feel Im part of this adventure. Good luck.

Oh, and one other thing...

When I get home later, I'll pull out my Vista recovery disks. Do you know if the way the recovery disk works, is that it targets the core system files and is respectful of subsequent Windows updates? Or, once running the recovery disk repair facilities, will Windows need to perform all of the updates that followed SP2? And.. after running the repair, would it be a good idea to get rid of all those miscellaneous update install directories left behind, to reclaim some space?

A recovery disc, should not change the OS, it is a means to recover what you have. I dont think its what you need for your situation. This will tell you more about what it is and does.
http://www.vistax64.com/tutorials/141820-create-recovery-disc.html

I've read a little further on registry repair, and I understand that when you Export a registry key branch, it copies everything. However, when doing an Import, it only adds whatever has been deleted. It does not overwrite any keys that already exist, is that correct?

So, I'm surmising that if I needed to replace one or more keys, I'd have to delete them first, then run the import?

I found several clusters of entries in the registry pertaining to the files I'm having issues with:
amd64_microsoft-windows-authentication-authui_31bf3856ad364e35_6.0.6000.16386_none_65db569eb0da4259
amd64_microsoft-windows-authentication-authui_31bf3856ad364e35_6.0.6001.18000_none_6812189aadc5532d
amd64_microsoft-windows-authentication-authui_31bf3856ad364e35_6.0.6002.18005_none_69fd91a6aae71e79
amd64_microsoft-windows-authentication-logonui_31bf3856ad364e35_6.0.6000.16386_none_bf7aec162eab0b14
amd64_microsoft-windows-authentication-logonui_31bf3856ad364e35_6.0.6001.18000_none_c1b1ae122b961be8

x86_microsoft-windows-authentication-authui_31bf3856ad364e35_6.0.6000.16386_none_09bcbb1af87cd123
x86_microsoft-windows-authentication-authui_31bf3856ad364e35_6.0.6001.18000_none_0bf37d16f567e1f7
x86_microsoft-windows-authentication-authui_31bf3856ad364e35_6.0.6002.18005_none_0ddef622f289ad43
x86_microsoft-windows-authentication-logonui_31bf3856ad364e35_6.0.6000.16386_none_635c5092764d99de
x86_microsoft-windows-authentication-logonui_31bf3856ad364e35_6.0.6001.18000_none_6593128e7338aab2

Notice that there are 3 entries for "authui", covering versions 6000, 6001, and 6002. But for logonui, there are only 2 entries. The version for logonui 6002 is missing. I'm wondering if this is where the problem lies.

Actually, I dont know. I am very, very careful with my registry and have never made any manual fixes. When I am changing something that will have an affect on the registry, I use System Restore. I would be reluctant to guess with such an important issue.

Well, I decided to take the less invasive approach first. I booted up in safe mode.

In safe mode, the Fingerprint reader services do not start. I am able to log on normally. Now I'm beginning to figure this out, I think. The Stardock installation may have conflicted with the DigitalPersona software, and compromised it somehow. The only other person I found who reported this problem had an HP laptop as well, with fingerprint reader.

I'm going to try reinstalling the DigitalPersona software first.