Hi I noticed that in your second securityassist authenticate user behavior you have login set to "index.php" but on the first authenticate user behavior you have it set to personal.php...wouldnt they both need to be the same page as the second behavior is just a login for autologin?
Also in the first login behavior you have "personal.php?$UserGroupID" Thats not going to do anything for the personal.
In the personal.php you should at least start with a Secure Page behavior
Have you also set up your Security Assist Rules?
Once the security rules are in place then you can do conditions for UserLevel there or even have it redirecting to different pages depending on userlevel.