Solved Logon Process Initialiazation Failure - Please Help!!

[halifaxer12]

Hi, I'm having big issues with my Windows 7 OS. I recently tried to clear up some space on my C: drive (windows) with disk cleaner and a program that checks what's taking up so much space on my windows folder (it was around 20gb). I had a malware attack a little while back that I finally thought I cleared up and fixed, but apparantely there are still some issues going on. I ran an SFC / Scan Now or ChkDsk (can't remember which one) but after I restarted my computer I got the "Logon Process Initialization Failure" error and I couldn't log in.

I tried Safe Mode, still same error. I booted off Windows 7 startup repair, ran the startup repair option and it could not detect a problem. Then I ran Command Prompt from the Windows 7 startup and entered Chkdsk C: /r and once it almost finishes it says that it couldn't transfer log files. Then I tried Sfc /scannow and it says another repair is already pending. THEN I ran the dism.exe /image cleanup revert pending blah blah and it said it was unable to access the image...

There is clearly something going wrong with my log file, or something is missing or corrupted. I can't do system restore either because I disabled it and never set a restore point......at this point, I'm all out of options. I really need the best computer wiz to help me out here, because I have so much important software installed that it would be horrible if I had to do a reformat....I want to try everything I can. Please somebody help me out.

 

[VistaKing]

Do you remember what virus you had ?

 

[halifaxer12]

I entered the dism.exe /image command correctly this time and it worked...but I still can't login to safe mode or use sfc scan...

I just remember that the trojan was really hard to clear up. It was messing with my registry. It took me a few days but I finally thought I destroyed it completely...it's strange that none of my virus programs noticed anything after that and my startup repair doesn't recognize any damages....

Another strange thing is that when I select "repair my computer" the system recovery options username is some long code with its own password....I can select my username and password but why are there two different code usernames (eg. D2D2240760E34F...)? Maybe someone else is still in control, I don't know.

 

[VistaKing]

   Warning

You will need a USB FLASH DRIVE

   Tip

Download the Tool from a non infected PC

Farbar Recovery Scan Tool

Choose one that goes with your OS bit version . Save the file to a USB Flash drive

32-bit Version OS :ar: Farbar Recovery Scan Tool

64-Bit Version OS :ar: Farbar Recovery Scan Tool x64

   Note

Click the rb: button and right-click Computer .Select Properties . Look for System Type: which will say 32-bit Operating System or 64-bit Operating System

Plug the flash drive into the infected PC.

Enter System Recovery Options.

:ar: To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select Repair Your Computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

:ar: To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

:ar: On the System Recovery Options menu you will get the following options:

• Startup Repair

• System Restore

• Windows Complete PC Restore

• Windows Memory Diagnostic Tool

• Command Prompt

Select Command Prompt

In the command window type X:\FRST.exe (for x64 bit version type X:\FRST64.exe) and press Enter

   Note

Replace letter X with the drive letter of your flash drive.

   Tip

Type the commands below to see what your letter is for the USB drive and press ENTER after each command

Diskpart
List volume

The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
FRST will let you know when the scan is complete and has written the FRST.txt to file

Upload the FRST.txt file

   Note

FRST.txt and file will be inside the root of the USB Flash Drive

 

[halifaxer12]

Thanks I will get to that as soon as possible and get back to you. But how do I install the Farbar to the flash disk? Just drag it in?

 

[VistaKing]

Do this on a working pc . Once you have downloaded the program that goes with your OS bit . Drag the file to a USB flash drive .

Then plug the USB drive to infected PC and tap on the F8 key as its booting up . Press [ENTER] on Repair Your Computer .

 

[halifaxer12]

Ok I ran the scan and uploaded the .txt file but I can't fit it all in this message so I attached it. Can you open it and see?

 

[VistaKing]

How to Upload a File
Click on the Go Advanced button under the Message box . Scroll down to Additional Options then click on Manage Attachments in the Attach Files sections . Click the Browse button locate the file then click on the Open button . In the Upload File from your Computer section click on the Upload button . Wait until it finishes uploading then close the window . Then click Submit Reply .

 

[halifaxer12]

I attached it

 

[halifaxer12]

Anybody?

 

[VistaKing]

Plug the USB flash drive on a working pc and Open notepad

Inside notepad paste the highlighted text below into notepad


start
C:\ProgramData\cm-lock
C:\Program Files (x86)\GUM225E.tmp
C:\432b3858bd2309ebedbc47ea
C:\Windows\ELAMBKUP
C:\32788R22FWJFW
C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
C:\Windows\SysWOW64\AK083E209605E394C.lie
C:\Windows\Tasks\SA.DAT
C:\ProgramData\cm-lock
C:\Users\Keon\AppData\Roaming\com.vudu.air.Downloader
C:\077fe6d96ab6e0e6ccc4c6abbd802d70
C:\ProgramData\pclunst.exe
C:\ProgramData\ntuser.dat
end


Click on File ===> Save As

In the Save As window

Location of file to save to : USB Flash drive
File Name: fixlist.txt
Save as type : All files

Click on the Save button .

Plug the USB flash drive back into the infected PC and open FRST64.exe again from the System Revovery then click on the [FIX] BUTTON. Once done try to login to the PC in normal mode.

 

[halifaxer12]

Ok I will try this and get back to you soon.

 

[halifaxer12]

I did what you said, saved the fixlist.txt, ran FRST64.exe again, selected fix it, and it said the fix is completed then saved it to my directory. I restarted my computer in normal mode but unfortunately I'm receiving the same "Logon Process Initialization Failure" .....

 

[halifaxer12]

I ran it one more time (this time including the FRST.txt on the usb) and I attached another fixlog.txt to this message...

 

[VistaKing]

Can you do a System Restore ? From the System Recovery ?

 

[halifaxer12]

No I can't..."No restore points have been created on your computer system's drive"

 

[VistaKing]

Go back to System Recovery select command prompt

Inside command prompt type the highlighted text below

copy C:\Windows\System32\winevt\Logs\Application.evtx G:\Application.evtx press ENTER

should get 1 file copied

C:\ - is the drive letter where windows is installed
G:\ - USB drive letter

Upload the Application.evtx file

 

[halifaxer12]

Upload it to what? I typed in the command and this pop up message came up: "Windows can't open this file File: Application.evtx...What do you want to do? Use Webservice or Select a program from a list of installed programs..."

 

[VistaKing]

Ok let's to this

Inside command prompt type in

C:\Windows\System32\Notepad.exe and press [ENTER]

Notepad should open up click on File then click Open . Navigate to this folder C:\Windows\System32\winevt\Logs\ copy the Application file and paste it to your USB drive .

 

[VistaKing]

Try it this way . Inside the commands prompt

copy C:\Windows\System32\winevt\Logs\Application.evtx G:\

press [ENTER]

G: is your USB Drive . If its a different letter change G to your actual letter