Malicious IPs being blocked nonstop

[RandomTaskMan]

As soon as I upgraded and enabled IP protection for the past 20 minutes I've gotten the

Malwarebytes Anti-Malware has succesfully blocked access to malicious IP: *

After performing a quick scan MWB's found no infections

Is there a way to find out what program is attemping access to these IPs?

I'm not on any malicious web-pages at this moment in time either.

[mountaintree16]

@ RandomTaskMan

Welcome to the forums!

Are the pop ups happening constantly, or only at certain webpages?

Do you have any P2P programs, such as BitTorrent or LimeWire?

Also, just as a side note, when replying, please erase what the person said and just address them @username or username:, as this makes the forum easier to read

[RandomTaskMan]

@mountaintree16

I didn't think about that

I am using the program utorrent

could this be the reason?

and how would I prevent this from happening

as well as I want to attempt the silentipmode

described in this thread

but the steps are a little unclear for someone who doesn't know much about the registries

http://www.malwarebytes.org/forums/index.p...st&p=124874

any help would be appreciated

[RandomTaskMan]

Also the pop-ups are happening constantly

the only web pages I am on are facebook and these fourms at this moment in time.

[mountaintree16]

@RandomTaskMan

Yes, utorrent could definitely be the or at least part of the cause of the constant pop ups. I would STRONGLY recommend uninstalling it. If you choose to do this, restart your computer afterwards

Facebook has never thrown an IP block at me, at least not yet.

I'm glad that you found the IP registry tweak page, I was just going to direct you to it, actually.

Hmm I am actually not too good with registry editing either, I've only looked at it before (once or twice) and have never edited... I'll send along a message to someone who knows better and see if they can jump in here and help you

[RandomTaskMan]

I think I may have found the issue but don't know how to solve it.

I opened up my task manager and found iexplore.exe running and as I don't use I.E. I terminated the program.

I've also found several programs that don't look like they should running at all

lsass.exe under SYSTEM

csrss.exe under SYSTEM

smss.exe under SYSTEM

spoolsv.exe under SYSTEM

cih.exe under OWNER

m9m8tgpttdfr .exe under OWNER

[mountaintree16]

RandomTaskMan,

lsass is normal as far as I know, I have it too.

I have spoolssv, csrss, smss also. I believe these are also normal.

I have no idea what cih or m9m8tgpttdfr are, though.

I PMed a Moderator about your Registry question

[RandomTaskMan]

Thank you for your assistance.

[mountaintree16]

You're welcome!

Let me know if I can be of any more help, I try to help the best that I can

[GT500]

PM has been sent to user.

[mountaintree16]

Thanks GT500

[GT500]

I've also found several programs that don't look like they should running at all

lsass.exe under SYSTEM

csrss.exe under SYSTEM

smss.exe under SYSTEM

spoolsv.exe under SYSTEM

cih.exe under OWNER

m9m8tgpttdfr .exe under OWNER

m9m8tgpttdfr .exe is unknown and is probably malicious.

cih.exe is a worm according to Sophos.

Please follow these instructions (skipping any steps you are unable to complete) for posting in our Malware Removal - HijackThis Logs forum. If you cannot follow any of those steps, then please create a new topic in that forum explaining what happened when you tried to run each of the tools in the instructions, and the expert who helps you will be able to suggest steps to take to get the tools working.