Apparently MCUI32.exe is a legitimate symantec prog running in the background after detecting HTTP Neosploit Activity 2

The really funny thing about the exe is its running from the installer package on my desktop instead of from the C:\ drive like all the rest of the norton products?

attacking url:

[xghvhwiqrrxn.com/nte/avorp1who.php/]"very long string of numbers and letters/characters"

So in the confusion "I" (computer owner) am attacking my own drives...?

Resulting search for the dot com led here http://safeweb.norton.com/report/show?name=xghvhwiqrrxn.com