Malicious URL Blocked

Here you are - the ESET scan.
There haven't been any “malicious URL blocked” notifications since the ComboFix run yesterday, so I wonder if the problem is fixed? And if so, what created the problem?

Hi,

It is good that you are no longer getting the popup. :)

Run a new scan with ESET online scan but this time allow ESET to remove all entries found.

Please delete the current version of Combofix.exe from your desktop and download a new version from here to your desktop.

Disable your AntiVirus and AntiSpyware applications.

Right-click Combofix.exe, choose Run as Administrator, and follow the prompts on your display. When finished, it will create a C:\Combofix.txt. Please post this log for further review.

In your next reply please attach the logs made by ESET and ComboFix. :)

I have been free from any popups since my last reply, but today I got some again - a little bit different, I have attached some screenshots.

I apologize that I have not had the time to post the last scans yet, I will do them soon…

See tpscrex info here: http://www.file.net/process/tpscrex.exe.html
You can also check www.virustotal.com (submit the file).

Sorry for the delay.

I agree with Tech…you should submit that to VirusTotal before we go removing it.

There are 3 other files in the same folder as TpScrex.exe.
No reaction on this file, but Symantec reacts to TpScrexw.exe, which is in the same folder: it says “WS.Reputation.1”.
There are actually TWO files with that same name in the folder (and both get the same reaction from Symantec).

Wonder if I should delete it then?

Could you attach the logs created by VirusTotal or provide the link to the results so that we can see them? :)

I've got the same problem, couly.com malware every hour or so!

Please start a new topic.

Sorry, either I misread yesterday or the files have changed since. There are not two files with the same name in the folder now, and there is now only one that gets a reaction from Symantec.

This is the file you asked for: https://www.virustotal.com/file/3250e5e782f9e327c4758e9587d87b7856107eba15892778770f53d04af87284/analysis/

https://www.virustotal.com/file/e24ad3dc546640b0503dd61a7674db1b98d508fbcd6da7b3f2bf421f0f8ce3bd/analysis/

This is the file Symantec finds something in:
https://www.virustotal.com/file/f897e4d2d3d621cab64b9de2f9da2a7a767da5256073a36dd5191247f9ed0ab2/analysis/

https://www.virustotal.com/file/43d43714eb8dad87cbf33e4a595554e0e90109d966316b51c563f2e209cf04ce/analysis/

C:\ProgramData\TpScrex\TpScrex.exe
First seen by VirusTotal
2012-05-15 15:14:30 UTC ( 4 days, 21 hours ago )
copyright…: Copyright (c) 2009

C:\ProgramData\TpScrex\TpScrexm.exe
First seen by VirusTotal
2012-05-03 18:29:27 UTC ( 2 weeks, 2 days ago )
copyright…: Copyright (c) 2010

TpScrexw.exe
First seen by VirusTotal
2009-05-02 00:25:18 UTC ( 3 years ago )
copyright…: Copyright (c) The Wheel Automatisering 2006

C:\ProgramData\TpScrex\upTpScrex.exe
First seen by VirusTotal
2011-04-10 12:26:58 UTC ( 1 year, 1 month ago )
copyright…: Copyright (c) 2009

Interesting how only one contains the company name, which also has the copyright of 2006.

Like you said about Symantec reporting it. The WS.Reputation.1 is just showing the reputation of the specific website similar to Web of Trust. Let me look this over some more. :)

Those files are related to Thinkpad but they are not essential. Do you use this process at all?

Probably not. I do not even know what Thinkpad is; I looked it up, and I can see it has to do with laptops. I don't own a laptop, so no, I don't use this process, I guess.

Ok…go ahead and delete that file that Avast is responding to.

Ok, I did that.
How about the file UpTpScrex.exe? This file is also mentioned in the (red) popup that happened the other day (May 19). Maybe the whole directory TpScrex should be deleted?

Sure…if you don’t know what it is then go ahead and remove it. Let me know if you receive any more popups.

I’m following this one, hoping for a fix!

No point in following this topic, as fixes are specific to the poster's system.

This is why you were asked to start your own new topic and you will get help dedicated to your system.

Hi!
Just wanted to tell you that I haven't had any popups for 9 days now!
Thank you very much for your patience!

If there is anything more you think I should do to make sure everything is alright just tell me.