Hi. I upgraded to the paid version of MWB a few weeks ago. Yesterday, just as I was exiting Chrome, I got a popup saying a connection attempt to a malicious website (54.213.72.133, domain qeswu.com) was blocked. A couple of hours later, there was another one (same address, domain was wt2secure.com this time.) The second time I wasn't doing anything at all on the machine. From what I can see, this address is on a list of hacker sites so this is concerning. I have checked the MWB protection logs going back about 2 weeks - there are no other instances of this. I have noticed some odd behavior on this machine (which I could describe if it helps), so I would feel better if someone could advise me whether there is something to be concerned about here. I have run a full scan with MWB and MSE, neither detected anything. I ran a couple of rootkit detectors, Sophos and GMER, neither of them found anything either. I'm including the FRST log and addition file here. I also ran aswMBR yesterday (since other dialogs about this issue have suggested it) and I have that log if it's needed. I haven't attempted to actually do anything and am not planning to pending further input. Thanks for any help you can provide. Addition.txt FRST.txt