pop up at sign on

Okay it sounds like you have a few problems one of which may be VX2 and or Qooligic related. The first things we need to do is get you into a know state. Please follow the directions below and we will continue with additional manual cleanups after that as necessary.
First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal
If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.


After doing ALL of the above if you still have a problem:

Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

 

The READ ME FIRST does not ask you to run Norton AV is asks you to run an online scan at Symantec. They are quite often not the same. The online references are often updated more frequently than the full AV package definitions.

Complete the rest of my directions!

 

The rest of my directions were not completed. I'll repeat them:

 

I would guess that the following line is your problem:

F1 - win.ini: load=c:\01comm32\bin\01comm32.exe

Do you know what 01comm32 is? If not, do the below steps:


Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
F1 - win.ini: load=c:\01comm32\bin\01comm32.exe

After clicking Fix, exit HJT. Now reboot in normal mode and post a new HJT log. And tell us how things are working.

If this has fixed your problem, I would then think about deleting the c:\01comm32 folder.

 

Are you sure this is legit? Is it a cracked or pirated version?

What application gives you the pop up warning? Is it a firewall? Doesn't it tell you which application is trying to run?

 

This could just be C:\Program Files\Messenger\msmsgs.exe
Do you use messenger?
If not you could use this, Uninstall Messenger and see if you still get that popup.

 

PowerReg Scheduler is a registration scheduler. Periodically attempts to connect to the Internet. Gathers unknown information. It is not necessarily a problem but it is not required either and yes it could be your problem too.

Messenger is not the same as MSN Messenger.

 

Messenger is Windows Messenger!
MSN Messenger would appear as MSN Messenger.

They are differenet. Perhaps you are just using Windows Messenger.