Logon Process Initialiazation Failure - Please Help!!

halifaxer12 · 25 Jul 2013

Found it ...here you go.

VistaKing · 25 Jul 2013

Shoot ! I keep forgetting for some reason I can't read it on an iPad . Lol i should get a surface but then again I will stick to an iPad .

Can you copy and paste the results ?

halifaxer12 · 25 Jul 2013

I'll try....but I'm having some big problems now with the User...I restarted my computer to see if the new location would be recognized. But when I logged into my main Keon adminsrator account the desktop looks like the temporary Tutorial account I created and the disk space for C: is taken up...only has 7 gb left instead of the 21 it had before.

VistaKing · 25 Jul 2013

Did you get a message saying " you're signed in with a temporary account " ?

halifaxer12 · 25 Jul 2013

Here's what changed in my Regedit ... There are two of those 1000 folders now. One of them has the ProfileImagePath as C:\Users\TEMP and the second backup 1000 has the ProfileImagePath as E:\Keon

So I guess a TEMP account was created for some reason...

VistaKing · 25 Jul 2013

Take a look at this tutorial

User Profile Error - Logged on with a Temporary Profile

halifaxer12 · 25 Jul 2013

Btw here's the Hitman log...

Code:

HitmanPro 3.7.6.201

www.hitmanpro.com



   Computer name . . . . : KEON-PC

   Windows . . . . . . . : 6.1.1.7601.X64/8

   User name . . . . . . : Keon-PC\Keon

   UAC . . . . . . . . . : Disabled

   License . . . . . . . : Free



   Scan date . . . . . . : 2013-07-25 18:25:39

   Scan mode . . . . . . : Normal

   Scan duration . . . . : 1m 20s

   Disk access mode  . . : Direct disk access (SRB)

   Cloud . . . . . . . . : Internet

   Reboot  . . . . . . . : No



   Threats . . . . . . . : 0

   Traces  . . . . . . . : 653



   Objects scanned . . . : 1,692,919

   Files scanned . . . . : 21,490

   Remnants scanned  . . : 330,967 files / 1,340,462 keys



Suspicious files ____________________________________________________________



   C:\Users\Keon\AppData\Local\PunkBuster\BF3\pb\dll\wc002286.dll

      Size . . . . . . . : 942,907 bytes

      Age  . . . . . . . : 558.8 days (2012-01-14 00:15:52)

      Entropy  . . . . . : 7.6

      SHA-256  . . . . . : 151573760160ED491B4528616FF16C058966B9555B73E804AF1CD60B3F8EB33D

      Fuzzy  . . . . . . : 29.0

         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.

         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

         Authors name is missing in version info. This is not common to most programs.

         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

         Program contains PE structure anomalies. This is not typical for most programs.



   C:\Users\Keon\AppData\Local\PunkBuster\BF3\pb\dll\wc002287.dll

      Size . . . . . . . : 948,113 bytes

      Age  . . . . . . . : 547.7 days (2012-01-25 01:09:58)

      Entropy  . . . . . : 7.6

      SHA-256  . . . . . : 1BE27031845D80D6803C15BCE2EBE1276C0CA17F3BD47FDA8EAD97DBF5A517AF

      Fuzzy  . . . . . . : 29.0

         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.

         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

         Authors name is missing in version info. This is not common to most programs.

         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

         Program contains PE structure anomalies. This is not typical for most programs.



   C:\Users\Keon\AppData\Local\PunkBuster\BF3\pb\dll\wc002288.dll

      Size . . . . . . . : 948,118 bytes

      Age  . . . . . . . : 545.7 days (2012-01-27 01:16:48)

      Entropy  . . . . . : 7.6

      SHA-256  . . . . . : 3192353354FE593051B33886088D4C312ACB9A653D874281B2EBF131B80415CB

      Fuzzy  . . . . . . : 29.0

         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.

         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

         Authors name is missing in version info. This is not common to most programs.

         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

         Program contains PE structure anomalies. This is not typical for most programs.



   C:\Users\Keon\AppData\Local\PunkBuster\BF3\pb\dll\wc002291.dll

      Size . . . . . . . : 965,329 bytes

      Age  . . . . . . . : 477.8 days (2012-04-04 00:07:02)

      Entropy  . . . . . : 7.6

      SHA-256  . . . . . : CAE3128772295AC4F1179B881A00B061DB00505275CB258F9F0C84CC1DF9B2A5

      Fuzzy  . . . . . . : 29.0

         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.

         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

         Authors name is missing in version info. This is not common to most programs.

         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

         Program contains PE structure anomalies. This is not typical for most programs.



   C:\Users\Keon\AppData\Local\PunkBuster\BF3\pb\dll\wc002292.dll

      Size . . . . . . . : 956,681 bytes

      Age  . . . . . . . : 475.8 days (2012-04-06 00:02:27)

      Entropy  . . . . . : 7.6

      SHA-256  . . . . . : 7218A15A9890CE82EB25F7AB5AC7AA60B4E3055C5574B70A6CABA4274D6DE493

      Fuzzy  . . . . . . : 29.0

         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.

         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

         Authors name is missing in version info. This is not common to most programs.

         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

         Program contains PE structure anomalies. This is not typical for most programs.



   C:\Users\Keon\AppData\Local\PunkBuster\BF3\pb\dll\wc002317.dll

      Size . . . . . . . : 949,613 bytes

      Age  . . . . . . . : 305.9 days (2012-09-22 21:10:38)

      Entropy  . . . . . : 7.6

      SHA-256  . . . . . : 15059F09B1D62DEA6B5D22EF9E0D062411C167378D870AE339AAB50B0BDC7FC0

      Fuzzy  . . . . . . : 29.0

         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.

         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

         Authors name is missing in version info. This is not common to most programs.

         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

         Program contains PE structure anomalies. This is not typical for most programs.



   C:\Users\Keon\AppData\Local\PunkBuster\BF3\pb\dll\wc002325.dll

      Size . . . . . . . : 959,376 bytes

      Age  . . . . . . . : 159.8 days (2013-02-15 23:13:27)

      Entropy  . . . . . : 7.6

      SHA-256  . . . . . : A85592ACDCFDA7C0293504A5F5279C2654ACC0E6D2398ED8958F6E03F05DCEB5

      RSA Key Size . . . : 2048

      Authenticode . . . : Valid

      Fuzzy  . . . . . . : 22.0

         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.

         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

         Authors name is missing in version info. This is not common to most programs.

         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

         Program contains PE structure anomalies. This is not typical for most programs.

         Program is code signed with a valid Authenticode certificate.



   C:\Users\Keon\AppData\Local\PunkBuster\BF3\pb\dll\wc002331.dll

      Size . . . . . . . : 963,480 bytes

      Age  . . . . . . . : 14.8 days (2013-07-10 22:35:05)

      Entropy  . . . . . : 7.6

      SHA-256  . . . . . : 4693498864B2A4C15EECDD4D132FFDFEDE3F9E4BAFA427F77BC87046A7352D1E

      RSA Key Size . . . : 2048

      Authenticode . . . : Valid

      Fuzzy  . . . . . . : 23.0

         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.

         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

         Authors name is missing in version info. This is not common to most programs.

         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

         Time indicates that the file appeared recently on this computer.

         Program contains PE structure anomalies. This is not typical for most programs.

         Program is code signed with a valid Authenticode certificate.

      Forensic Cluster

         -0.2s C:\Users\Keon\AppData\Local\PunkBuster\BF3\pb\htm\wc002331.htm

          0.0s C:\Users\Keon\AppData\Local\PunkBuster\BF3\pb\dll\wc002331.dll



   C:\Users\Keon\AppData\Local\PunkBuster\BF3\pb\pbcl.dll

      Size . . . . . . . : 963,480 bytes

      Age  . . . . . . . : 2.6 days (2013-07-23 03:02:29)

      Entropy  . . . . . : 7.6

      SHA-256  . . . . . : 4693498864B2A4C15EECDD4D132FFDFEDE3F9E4BAFA427F77BC87046A7352D1E

      RSA Key Size . . . : 2048

      Authenticode . . . : Valid

      Fuzzy  . . . . . . : 24.0

         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.

         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

         Authors name is missing in version info. This is not common to most programs.

         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

         Time indicates that the file appeared recently on this computer.

         Program contains PE structure anomalies. This is not typical for most programs.

         Program is code signed with a valid Authenticode certificate.

      Forensic Cluster

          0.0s C:\Users\Keon\AppData\Local\PunkBuster\BF3\pb\pbcl.dll

          0.0s C:\Users\Keon\AppData\Local\PunkBuster\BF3\pb\pbcl.dll



   C:\Users\Keon\AppData\Local\PunkBuster\BF3\pb\pbclold.dll

      Size . . . . . . . : 963,480 bytes

      Age  . . . . . . . : 558.8 days (2012-01-14 00:11:42)

      Entropy  . . . . . : 7.6

      SHA-256  . . . . . : 4693498864B2A4C15EECDD4D132FFDFEDE3F9E4BAFA427F77BC87046A7352D1E

      RSA Key Size . . . : 2048

      Authenticode . . . : Valid

      Fuzzy  . . . . . . : 22.0

         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.

         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

         Authors name is missing in version info. This is not common to most programs.

         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

         Program contains PE structure anomalies. This is not typical for most programs.

         Program is code signed with a valid Authenticode certificate.



   C:\Users\Keon\AppData\Local\PunkBuster\BF3\pb\PnkBstrK.sys

      Size . . . . . . . : 139,032 bytes

      Age  . . . . . . . : 558.8 days (2012-01-14 00:12:04)

      Entropy  . . . . . : 7.8

      SHA-256  . . . . . : 0CA9D48C9E3D938121A73EBE6EA3FBE19A9AE017EEDA066A22CF254A688A98C2

      RSA Key Size . . . : 2048

      Authenticode . . . : Valid

      Fuzzy  . . . . . . : 22.0

         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.

         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

         Authors name is missing in version info. This is not common to most programs.

         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

         Program contains PE structure anomalies. This is not typical for most programs.

         The file is a device driver. Device drivers run as trusted (highly privileged) code.

         Program is code signed with a valid Authenticode certificate.





Potential Unwanted Programs _________________________________________________



   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E\ (AskBar)

   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6\ (AskBar)

   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852\ (AskBar)

   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0\ (AskBar)

   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA\ (AskBar)

   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96\ (AskBar)

   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59\ (AskBar)

   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC\ (AskBar)

   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA\ (AskBar)

   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E\ (AskBar)

   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF\ (AskBar)

   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E\ (AskBar)

   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011341191}\ (VidSaver)



Cookies _____________________________________________________________________



   C:\Users\Keon\AppData\Local\Google\Chrome\User Data\Default\Cookies:a1.interclick.com

   C:\Users\Keon\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.mlnadvertising.com

   C:\Users\Keon\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com

   C:\Users\Keon\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pof.com

   C:\Users\Keon\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pointroll.com

   C:\Users\Keon\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pubmatic.com

   C:\Users\Keon\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.undertone.com

   C:\Users\Keon\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtechus.com

   C:\Users\Keon\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com

   C:\Users\Keon\AppData\Local\Google\Chrome\User Data\Default\Cookies:apmebf.com

   C:\Users\Keon\AppData\Local\Google\Chrome\User Data\Default\Cookies:at.atwola.com

   C:\Users\Keon\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com

   C:\Users\Keon\AppData\Local\Google\Chrome\User Data\Default\Cookies:c1.atdmt.com

   C:\Users\Keon\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com

   C:\Users\Keon\AppData\Local\Google\Chrome\User Data\Default\Cookies:collective-media.net

   C:\Users\Keon\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net

   C:\Users\Keon\AppData\Local\Google\Chrome\User Data\Default\Cookies:eset.122.2o7.net

   C:\Users\Keon\AppData\Local\Google\Chrome\User Data\Default\Cookies:interclick.com

   C:\Users\Keon\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com

   C:\Users\Keon\AppData\Local\Google\Chrome\User Data\Default\Cookies:kontera.com

   C:\Users\Keon\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com

   C:\Users\Keon\AppData\Local\Google\Chrome\User Data\Default\Cookies:mediaplex.com

   C:\Users\Keon\AppData\Local\Google\Chrome\User Data\Default\Cookies:microsoftsto.112.2o7.net

   C:\Users\Keon\AppData\Local\Google\Chrome\User Data\Default\Cookies:mtvn.112.2o7.net

   C:\Users\Keon\AppData\Local\Google\Chrome\User Data\Default\Cookies:network.realmedia.com

   C:\Users\Keon\AppData\Local\Google\Chrome\User Data\Default\Cookies:pcworldcommunication.122.2o7.net

   C:\Users\Keon\AppData\Local\Google\Chrome\User Data\Default\Cookies:pointroll.com

   C:\Users\Keon\AppData\Local\Google\Chrome\User Data\Default\Cookies:pool-eu-ie.creative-serving.com

   C:\Users\Keon\AppData\Local\Google\Chrome\User Data\Default\Cookies:questionmarket.com

   C:\Users\Keon\AppData\Local\Google\Chrome\User Data\Default\Cookies:realmedia.com

   C:\Users\Keon\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net

   C:\Users\Keon\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com

   C:\Users\Keon\AppData\Local\Google\Chrome\User Data\Default\Cookies:segainc.112.2o7.net

   C:\Users\Keon\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com

   C:\Users\Keon\AppData\Local\Google\Chrome\User Data\Default\Cookies:specificclick.net

   C:\Users\Keon\AppData\Local\Google\Chrome\User Data\Default\Cookies:stats.adotube.com

   C:\Users\Keon\AppData\Local\Google\Chrome\User Data\Default\Cookies:survey.g.doubleclick.net

   C:\Users\Keon\AppData\Local\Google\Chrome\User Data\Default\Cookies:xiti.com

   C:\Users\Keon\AppData\Local\Google\Chrome\User Data\Default\Cookies:zedo.com

   C:\Users\Keon\AppData\Roaming\Microsoft\Windows\Cookies\57AH5DNQ.txt

   C:\Users\Keon\AppData\Roaming\Microsoft\Windows\Cookies\J7HZNUMK.txt

   C:\Users\Keon\AppData\Roaming\Microsoft\Windows\Cookies\V6K4AMTX.txt

   C:\Users\Tutorial.Keon-PC\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net

   C:\Users\Tutorial.Keon-PC\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com

   C:\Users\Tutorial.Keon-PC\AppData\Local\Google\Chrome\User Data\Default\Cookies:segainc.112.2o7.net

halifaxer12 · 25 Jul 2013

The tutorial is telling me to login to the other administrator account and to delete the Keon User folder...I'm trying to delete it then move on to making changes in Regedit.

EDIT: Now it says to find the .bak 1000 folder in Regedit and see if the ProfileImagePath is the same as the Keon User folder I just deleted. It's not, because I changed the ProfileImagePath earlier to E:\Keon ... And the non .bak 1000 is C:\TEMP ...So now I'm lost.

VistaKing · 25 Jul 2013

Do Option one of the tutorial below

User Profile Service failed the logon. User profile cannot be loaded.

Make sure the 1000.bak is your User profile

Right click on 1000 and select rename add .bk at the end . Back to 1000.bak right click select rename and just remove .bak on the right side make sure State and Refcount is zero ( 0 ) to change the value . Right click on State and select Modify and click Ok after you input 0 same thing for Refcount . Close the registry and restart .

Note

You need to do this on an account with admin rights

halifaxer12 · 25 Jul 2013

The .bak isn't C:\User\Keon because it told me to delete the main User folder......the .bak ProfileImagePath is E:\Keon because that's what the first tutorial on how to move the User folder said to do... The original 1000 is C:\Users\TEMP... so rename that to .bk and then go to the other .bak and remove the .bak?