The details all have one thing in common "The attack was resulted from \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE". Each attempt always has a different web address but is from either of the two IP addresses above. I've done full system scans with no success in finding them.
I've looked around and believe its a Trojan.Gatak disguised as explorer.exe. The original file is located at C:\Windows\Explorer.Exe so I ran a search for it and found 3 of them.
The first is located exactly where it should be and was created 8/9/04 and last modified 4/13/08.
The second is located at C:\Windows\$NtServicePackUninstall$ and is in blue and was created 12/13/12 and was last modified 8/9/04( I suspect this file may be what I'm looking for). and no, i did not mix up the created and modified dates, that is exactly what it says.
The third is located at C:\WINDOWS\ServicePackFiles\i386 and was created and modified 4/13/08. (How many explorer.exe files should I have? Just one?)
I would Like confirmation before I start deleting files that may be crucial to Windows.
Norton 360 v6.4.09
Microsoft Windows XP
Media Center Edition
Service Pack 3
Intel ®Core™2 CPU
6300 @ 1.86GHz
1.87 GHz, 1.99 GB of RAM
Physical Address Extension
Edited by Not_Me_Again, 08 January 2013 - 11:49 AM.