Sounds like something that was hidden was working very hard. Windows Firewall - it lets anything run, and it lets anything go out onto the web. Therein lies the real beauty of WF: it aint in itself a real drain on your sys because it simply is not doing much to protect you.

Here are the results (language is french btw...):

ComboFix 08-10-12.01 - Frank 2008-10-13 13:52:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1300 [GMT -4:00]
Lancé depuis: C:\Documents and Settings\Frank\Desktop\ComboFix.exe
* Un nouveau point de restauration a été créé
* Resident AV is active


AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Frank\Application Data\inst.exe

----- BITS: Il y a peut-être des sites infectés -----

hxxp://auj+|Cv+@J:NGD_DQ{zcxLJS@]6A
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((((((( Fichiers créés du 2008-09-13 au 2008-10-13 ))))))))))))))))))))))))))))))))))))
.

2008-10-10 00:31 . 2008-10-10 00:31 <DIR> d-------- C:\USR
2008-10-09 18:03 . 2008-10-09 18:36 <DIR> d-------- C:\Program Files\CachemanXP
2008-10-09 17:33 . 2008-10-09 17:35 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\Bitmeter2
2008-10-09 17:33 . 2008-10-09 17:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bitmeter2
2008-10-09 17:32 . 2008-10-09 17:32 <DIR> d-------- C:\Program Files\Codebox
2008-10-09 17:24 . 2008-10-09 17:24 <DIR> d-------- C:\Program Files\IObit
2008-10-09 16:55 . 2008-10-09 16:55 <DIR> d-------- C:\Program Files\Sygate
2008-10-09 16:55 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2008-10-09 16:55 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2008-10-09 16:55 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-10-09 16:55 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2008-10-09 16:55 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2008-10-09 16:55 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2008-10-09 16:55 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2008-09-25 20:16 . 2008-09-25 20:16 <DIR> d-------- C:\Program Files\Secunia
2008-09-25 20:05 . 2008-09-25 20:05 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-25 20:04 . 2008-09-25 20:04 <DIR> d-------- C:\Program Files\iTunes
2008-09-25 20:04 . 2008-09-25 20:04 <DIR> d-------- C:\Program Files\iPod
2008-09-25 20:04 . 2008-09-25 20:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-25 19:57 . 2008-09-25 19:57 <DIR> d-------- C:\Program Files\Bonjour
2008-09-21 23:27 . 2008-09-21 23:29 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\vlc
2008-09-16 12:31 . 2008-09-16 12:31 <DIR> d-------- C:\Program Files\Samsung ML-1610 Series
2008-09-16 12:10 . 2008-09-16 12:10 <DIR> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2008-09-16 12:10 . 2008-09-16 12:10 <DIR> d--h----- C:\Program Files\CanonBJ
2008-09-16 12:10 . 2007-03-24 01:30 1,400,832 --a------ C:\WINDOWS\system32\CNC310C.DLL
2008-09-16 12:10 . 2007-03-19 19:39 200,704 --a------ C:\WINDOWS\system32\CNC310L.DLL
2008-09-16 12:10 . 2007-03-15 23:12 188,416 --a------ C:\WINDOWS\system32\CNC310O.DLL
2008-09-16 12:10 . 2007-03-24 01:29 98,304 --a------ C:\WINDOWS\system32\CNC310I.DLL

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-13 17:55 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-13 16:12 --------- d-----w C:\Program Files\LogMeIn
2008-10-12 16:13 --------- d-----w C:\Documents and Settings\Frank\Application Data\uTorrent
2008-10-09 20:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-06 01:49 --------- d-----w C:\Documents and Settings\Frank\Application Data\Vso
2008-10-04 22:16 --------- d-----w C:\Program Files\Starcraft
2008-09-26 00:02 --------- d-----w C:\Program Files\QuickTime
2008-09-26 00:02 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-16 16:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-16 16:22 --------- d-----w C:\Documents and Settings\Frank\Application Data\Apple Computer
2008-09-16 16:09 --------- d-----w C:\Documents and Settings\Frank\Application Data\Canon
2008-09-10 13:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-06 19:42 --------- d-----w C:\Documents and Settings\Frank\Application Data\Nexon
2008-09-06 02:17 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-09-06 02:09 --------- d-----w C:\Program Files\DivX
2008-09-06 02:09 --------- d-----w C:\Program Files\Coupons
2008-09-05 21:46 --------- d-----w C:\Documents and Settings\Frank\Application Data\dvdcss
2008-08-19 07:00 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-02-01 03:25 22,328 ----a-w C:\Documents and Settings\Frank\Application Data\PnkBstrK.sys
2007-12-19 06:45 47,360 ----a-w C:\Documents and Settings\Frank\Application Data\pcouffin.sys
2008-02-28 18:30 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2008-02-28 18:33 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
2008-02-04 19:26 151,040 --sh--w C:\WINDOWS\system32\VistaUltm.dll
2008-05-09 09:42 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008050920080510\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-04-19 3297280]
"WhatPulse"="C:\Program Files\WhatPulse\WhatPulse.exe" [2006-08-21 665600]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-07-30 2363392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2006-03-15 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-15 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-15 455168]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-16 1169776]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-16 1945960]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-16 149024]
"Samsung Common SM"="C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 372736]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-09-12 63048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-10-25 1410304]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"SmartDefrag"="C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2008-09-08 1965296]
"CTHelper"="CTHELPER.EXE" [2006-08-17 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 C:\WINDOWS\system32\CTXFIHLP.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]

C:\Documents and Settings\Frank\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
Secunia PSI (RC3).lnk - C:\Program Files\Secunia\PSI (RC3)\psi.exe [2008-06-16 663552]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe [2004-10-28 860254]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-19 15:23 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"E:\\STEAM\\Steam.exe"=
"E:\\STEAM\\steamapps\\ggogeta111\\team fortress 2\\hl2.exe"=
"E:\\STEAM\\steamapps\\ggogeta111\\condition zero deleted scenes\\hl.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"E:\\STEAM\\steamapps\\ggogeta111\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Valve\\HLServer\\srcds.exe"=
"F:\\LES JEUX\\Crysis\\Bin32\\Crysis.exe"=
"F:\\LES JEUX\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"E:\\STEAM\\steamapps\\benoit_criss@hotmail.com\\team fortress 2\\hl2.exe"=
"E:\\STEAM\\steamapps\\benoit_criss@hotmail.com\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-10-25 30728]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 45848]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-08-17 1110528]
R3 PSI;PSI;C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-06-16 7808]
R3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2004-08-06 17920]
S2 FAH@C:+Program Files+FAH+1+fah6-win-x86-console.exe;FAH@C:+Program Files+FAH+1+fah6-win-x86-console.exe;C:\Program Files\FAH\1\fah6-win-x86-console.exe [2008-01-31 712704]
S2 FAH@C:+Program Files+FAH+2+fah6-win-x86-console.exe;FAH@C:+Program Files+FAH+2+fah6-win-x86-console.exe;C:\Program Files\FAH\2\fah6-win-x86-console.exe [2008-01-31 712704]
S3 LycoFltr;Lycosa Keyboard;C:\WINDOWS\system32\Drivers\Lycosa.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45d4f342-7f4f-11dc-a324-806d6172696f}]
\Shell\AutoRun\command - D:\autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'

2008-10-10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-ProxyCap - C:\PROGRA~1\PROXYL~1\ProxyCap\ProxyCap.exe


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\6a3ptqkk.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - google.ca
FF -: plugin - C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\6a3ptqkk.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-13 13:55:42
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
"ServiceDll"="C:\WINDOWS\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FAH@C:+Program Files+FAH+1+fah6-win-x86-console.exe]
"ImagePath"="C:\Program Files\FAH\1\fah6-win-x86-console.exe -svcstart"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FAH@C:+Program Files+FAH+2+fah6-win-x86-console.exe]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\CTXFISPI.EXE
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\ramaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
.
**************************************************************************
.
Heure de fin: 2008-10-13 13:59:29 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-13 17:59:26

Avant-CF: 20 254 695 424 bytes free
Après-CF: 20,515,057,664 bytes free

228 --- E O F --- 2008-09-10 13:20:50

There does not seem to be any problem left in there, gog. Combofix removed a worm file.
Your computer is on a network, and this server name means something to you: "]6A" ?

]6A means nothing to me. I'm on a home network, computer is a member of a workgroup called "workgroup", nothing exquisite there . Got some network shares, etc...

Do you have an idea on what that could be?

thanks!

Gog, it is just this entry that I was wondering about
BITS: hxxp://auj+|Cv+@J:NGD_DQ{zcxLJS@]6A
which is a URL for the background intelligent transfer service, and really http://auj+|Cv+@J:NGD_DQ{zcxLJS@]6A
This is the username: auj+|Cv+@J
and all is at this key [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
I cannot advise you on what to do with it. If you were to export that key and post it here it would be confusing cos a lot of it would be in hex ascii representation....
It could be legit.. it is the sort of jargon a machine would come up with....
Help!!

Even with one user it matters, by default XP only shows processes registered to the current user, that excludes many system processes that are run outside of your user log-in. Pretty much anything that starts up before you put your user password in wont show as your user.

Thanks gerbil, Everything seems to be fine, looking at the process list, and CPu Usage.

Just out of curiosity, when I click "show processes for all users" I don't see additionnal processes, is that normal

Thanks !

Interesting how Oly seemed to answer your question before you asked it... Anyway, if there are no other users logged on and with running processes you won't see them...