Everything posted by pluto71

  1. After some rummaging around on the internet this looks to be adware/malware that uses PowerShell to execute, which ties up with what my logs show above.

     https://www.cybereason.com/the-dawn-of-sophisticated-powershell-adware-campaigns/

     "One particularly persistent adware attack piqued our interest around March. This attack leverages PowerShell, a Windows scripting language, to execute commands and remain persistent on the host machines. Along with creating hourly scheduled tasks, the adware also has the potential to download additional malicious code and direct the user to compromised websites. The IOCs from our samples include the following hosts and IPs: • Beautyfile[.]info • sunlongo[.]info • finhoome[.]info • contexfix[.]info • customsky[.]net • easypop[.]info • unitdata[.]info • fliparray[.]info • secureb[.]info • tablezip[.]info • forallshop[.]info • macrosoftman[.]info • openyes[.]info • secureb[.]info • forallshop[.]info • 37.48.119.38 • 50.63.202.63 • 146.112.61.107 • 185.17.184.6 • 185.17.184.10 • 185.17.184.11."
  2. Here are excerpts from my logs from today and yesterday; I have been experiencing frequent pop-up notifications about what I think looks very similar.

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan, 21/11/2016 02:40, SYSTEM, ROBERT-PC, Context, Start:21/11/2016 02:35, Duration:4 min 47 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
     Detection, 21/11/2016 04:46, SYSTEM, ROBERT-PC, Protection, Malicious Website Protection, Domain, 0.0.0.0, tablezip.info, 6048, Outbound, C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,
     Detection, 21/11/2016 04:46, SYSTEM, ROBERT-PC, Protection, Malicious Website Protection, Domain, 0.0.0.0, tablezip.info, 6048, Outbound, C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,
     Protection, 21/11/2016 20:34, SYSTEM, ROBERT-PC, Protection, Malicious Website Protection, Started,
     Detection, 21/11/2016 20:46, SYSTEM, ROBERT-PC, Protection, Malicious Website Protection, Domain, 0.0.0.0, tablezip.info, 7863, Outbound, C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,
     Detection, 21/11/2016 20:46, SYSTEM, ROBERT-PC, Protection, Malicious Website Protection, Domain, 0.0.0.0, tablezip.info, 7863, Outbound, C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,
     Detection, 21/11/2016 20:46, SYSTEM, ROBERT-PC, Protection, Malicious Website Protection, Domain, 0.0.0.0, tablezip.info, 7866, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
     Detection, 21/11/2016 20:46, SYSTEM, ROBERT-PC, Protection, Malicious Website Protection, Domain, 0.0.0.0, tablezip.info, 7867, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
     Detection, 21/11/2016 20:46, SYSTEM, ROBERT-PC, Protection, Malicious Website Protection, Domain, 0.0.0.0, tablezip.info, 7869, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
     Detection, 21/11/2016 20:46, SYSTEM, ROBERT-PC, Protection, Malicious Website Protection, Domain, 0.0.0.0, tablezip.info, 7870, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
     Detection, 21/11/2016 20:46, SYSTEM, ROBERT-PC, Protection, Malicious Website Protection, Domain, 0.0.0.0, tablezip.info, 7875, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
     (end)

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Detection, 20/11/2016 20:46, SYSTEM, ROBERT-PC, Protection, Malicious Website Protection, Domain, 0.0.0.0, tablezip.info, 3808, Outbound, C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,
     Detection, 20/11/2016 20:46, SYSTEM, ROBERT-PC, Protection, Malicious Website Protection, Domain, 0.0.0.0, tablezip.info, 3808, Outbound, C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,
     (end)
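
The pattern in the two posts above (powershell.exe itself making the blocked outbound requests, at the same minute past the hour, in line with the hourly scheduled tasks in the quoted write-up) can be checked mechanically. The Python sketch below is an added example, not code from the thread or from Malwarebytes; the record layout is inferred from the log excerpt, and the sample log, the host name EXAMPLE-PC, the SCRIPT_HOSTS list and the function names are assumptions.

```python
import ntpath
import re
from collections import defaultdict
from datetime import datetime

# Assumption: script hosts that normally have no reason to contact ad domains.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# One "Detection" record of the website-protection log, as laid out in the excerpt.
DETECTION = re.compile(
    r"Detection, (?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}), [^,]+, (?P<host>[^,]+), "
    r"Protection, Malicious Website Protection, Domain, [^,]+, (?P<domain>[^,]+), "
    r"(?P<num>\d+), Outbound, (?P<process>[A-Za-z]:\\[^,]+?\.exe),"
)

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
CHROME = "C:\\Program \nFiles (x86)\\Google\\Chrome\\Application\\chrome.exe"  # wrapped path
HEAD = "SYSTEM, EXAMPLE-PC, Protection, Malicious Website Protection, Domain, 0.0.0.0, tablezip.info"
# Constructed sample modelled on the excerpt: flattened, with a duplicated record.
SAMPLE_LOG = " ".join(
    f"Detection, {ts}, {HEAD}, {num}, Outbound, {proc},"
    for ts, num, proc in [
        ("20/11/2016 20:46", 3808, PS), ("20/11/2016 20:46", 3808, PS),
        ("21/11/2016 04:46", 6048, PS), ("21/11/2016 20:46", 7863, PS),
        ("21/11/2016 20:46", 7866, CHROME),
    ]
)

def parse_detections(text):
    """Return de-duplicated detection events from a flattened or wrapped log."""
    text = " ".join(text.split())  # undo line wraps that fall inside a record
    seen, events = set(), []
    for m in DETECTION.finditer(text):
        key = (m["ts"], m["num"], m["process"])
        if key in seen:  # the excerpt shows some records written twice
            continue
        seen.add(key)
        events.append({"when": datetime.strptime(m["ts"], "%d/%m/%Y %H:%M"),
                       "domain": m["domain"],
                       "image": ntpath.basename(m["process"]).lower()})
    return events

def recurring_script_host_beacons(events, min_hits=2):
    """Map (image, domain, minute-of-hour) -> sorted timestamps for script hosts
    blocked on the same domain at the same minute past the hour, repeatedly."""
    slots = defaultdict(set)
    for e in events:
        if e["image"] in SCRIPT_HOSTS:
            slots[(e["image"], e["domain"], e["when"].minute)].add(e["when"])
    return {k: sorted(v) for k, v in slots.items() if len(v) >= min_hits}
```

Browser hits on the same domain are deliberately left out of the result: a script host reaching a blocked domain on a fixed schedule is the signal that points at a scheduled task worth inspecting.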