Hey everyone. The same thing is happening on my computer and might have some additional information.
History: By popups, I had to realize that something got on my PC. It was called "DNS unlocker" as I found in the installed programs. It took me a while to remove (only the symptoms I'm afraid). I dug through registry and all. At the end I found that it changed my DNS settings. Once I fixed that the popups disappeared. Completely removed Firefox and reinstalled, reset firewall settings and whatever I could think of. Worth noting that I only installed Eset after I detected the infection.
After all this I started seeing the blocking popups by Eset. Happened fairly rare but when I saw the malicious looking address (skype-soft), I started digging.
Eset does provide information in the logs regarding the process initiating the connection, however it's being initiated through temp files as a disguise, and they are deleted right after the event:
Time; URL; Status; Application; User; IP address 29/12/2015 20:59:56; http://skype-soft.com/download1?affiliate_id=000211&wv=60300&wi=9f6f2438-4849-490a-8a82-3c087e9d0c0e&wx=x64; Blocked by internal blacklist; C:\Users\X\AppData\Local\Temp\is-P8T4N.tmp\SteamHelper.tmp; PCY\X; 188.8.131.52 27/12/2015 20:59:39; http://skype-soft.com/download1?affiliate_id=000211&wv=60300&wi=9f6f2438-4849-490a-8a82-3c087e9d0c0e&wx=x64; Blocked by internal blacklist; C:\Users\X\AppData\Local\Temp\is-P1O06.tmp\SteamHelper.tmp; PCY\X; 184.108.40.206
This is when I googled a little to find a tip on figuring out what creates the temp files and ended up here.