Hi!

Please have a look at the attached picture... Left: you've got the process list sorted by CPU usage. Right: Task Manager showing 50+% CPU usage... wtf?

Thanks for your help!

[IMG]http://i331.photobucket.com/albums/l464/ggogeta1/Cpuusage.jpg[/IMG]

Picture is blurry, and the one on the left is not full; you need to scroll to see it all, so it means nothing to me in the views I see. In Task Manager, click on Processes, make the box big and see what it shows.

Picture is blurry because it's scaled to the window, if you open it in its own window or tab (or follow the photobucket link) you can click to display at full size.

I'm not familiar with cacheman; does it have a feature somewhere to show processes from all users? That's a common issue with the integrated task manager: by default it only shows processes that YOU initiated on the list, but it shows the actual CPU usage including "system" and other users.

Got the blurry problem fixed. It's still only partial info because the software needs to scroll down to show all processes using the CPU, and Task Manager should show what's causing the usage.

You seem to know your way around a computer but just in case please do the following:-
1. Press Ctrl, Alt and Del all together.
2. When Task Manager opens, click on "Processes".
3. Press the "Print Screen" button.
4. Open "Paint": Start - All Programs - Accessories - Paint.
5. Click "Edit".
6. Click "Paste".
7. Click "File", "Save as".
8. Type "WTM".
9. Click on the arrow of "Save as type" and change to "Jpeg". Click "OK".
10. Attach to your next post here.

Again, sorry if you knew all this.

Got the blurry problem fixed. It's still only partial info because the software needs to scroll down to show all processes using the CPU, and Task Manager should show what's causing the usage.

The processes are sorted by CPU usage, and the list is refreshed automatically... see that many processes take 0% at the bottom? Well, all the processes below are taking 0% as well.

I could have taken any other program; I can swear to you there are no processes that take more than 1-2% at a time, and adding them up really does not make 50% CPU usage. I've checked Taskmgr myself, and this is why I'm posting.

Have you looked into a "show processes from all users" setting?

I have only 1 user

Would be interesting to see a rootkit scan result. You could do it yourself with IceSword, RKR or Blacklight, or run this, which includes GMER:
- Download this file to your DESKTOP: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- IMPORTANT!: disconnect from the web, turn off your Antivirus, Antispyware and Firewall for the duration of this scan. Don't forget to reset them before you go back on the web!
- To run it, double-click the Combofix.exe icon and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, reboot to restore the desktop.

Guess what, I installed Sygate firewall, and voilà, CPU usage is at a mere 1-2%, having Firefox, MSN and the like loaded into memory.

Pretty scary stuff, I'll scan and get back to you about this!

Sounds like something that was hidden was working very hard. Windows Firewall - it lets anything run, and it lets anything go out onto the web. Therein lies the real beauty of WF: it ain't in itself a real drain on your sys because it simply is not doing much to protect you.

Here are the results (language is French btw...):

ComboFix 08-10-12.01 - Frank 2008-10-13 13:52:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1300 [GMT -4:00]
Lancé depuis: C:\Documents and Settings\Frank\Desktop\ComboFix.exe
* Un nouveau point de restauration a été créé
* Resident AV is active


AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Frank\Application Data\inst.exe

----- BITS: Il y a peut-être des sites infectés -----

hxxp://auj+|Cv+@J:NGD_DQ{zcxLJS@]6A
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((((((( Fichiers créés du 2008-09-13 au 2008-10-13 ))))))))))))))))))))))))))))))))))))
.

2008-10-10 00:31 . 2008-10-10 00:31 <DIR> d-------- C:\USR
2008-10-09 18:03 . 2008-10-09 18:36 <DIR> d-------- C:\Program Files\CachemanXP
2008-10-09 17:33 . 2008-10-09 17:35 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\Bitmeter2
2008-10-09 17:33 . 2008-10-09 17:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bitmeter2
2008-10-09 17:32 . 2008-10-09 17:32 <DIR> d-------- C:\Program Files\Codebox
2008-10-09 17:24 . 2008-10-09 17:24 <DIR> d-------- C:\Program Files\IObit
2008-10-09 16:55 . 2008-10-09 16:55 <DIR> d-------- C:\Program Files\Sygate
2008-10-09 16:55 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2008-10-09 16:55 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2008-10-09 16:55 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-10-09 16:55 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2008-10-09 16:55 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2008-10-09 16:55 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2008-10-09 16:55 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2008-09-25 20:16 . 2008-09-25 20:16 <DIR> d-------- C:\Program Files\Secunia
2008-09-25 20:05 . 2008-09-25 20:05 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-25 20:04 . 2008-09-25 20:04 <DIR> d-------- C:\Program Files\iTunes
2008-09-25 20:04 . 2008-09-25 20:04 <DIR> d-------- C:\Program Files\iPod
2008-09-25 20:04 . 2008-09-25 20:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-25 19:57 . 2008-09-25 19:57 <DIR> d-------- C:\Program Files\Bonjour
2008-09-21 23:27 . 2008-09-21 23:29 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\vlc
2008-09-16 12:31 . 2008-09-16 12:31 <DIR> d-------- C:\Program Files\Samsung ML-1610 Series
2008-09-16 12:10 . 2008-09-16 12:10 <DIR> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2008-09-16 12:10 . 2008-09-16 12:10 <DIR> d--h----- C:\Program Files\CanonBJ
2008-09-16 12:10 . 2007-03-24 01:30 1,400,832 --a------ C:\WINDOWS\system32\CNC310C.DLL
2008-09-16 12:10 . 2007-03-19 19:39 200,704 --a------ C:\WINDOWS\system32\CNC310L.DLL
2008-09-16 12:10 . 2007-03-15 23:12 188,416 --a------ C:\WINDOWS\system32\CNC310O.DLL
2008-09-16 12:10 . 2007-03-24 01:29 98,304 --a------ C:\WINDOWS\system32\CNC310I.DLL

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-13 17:55 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-13 16:12 --------- d-----w C:\Program Files\LogMeIn
2008-10-12 16:13 --------- d-----w C:\Documents and Settings\Frank\Application Data\uTorrent
2008-10-09 20:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-06 01:49 --------- d-----w C:\Documents and Settings\Frank\Application Data\Vso
2008-10-04 22:16 --------- d-----w C:\Program Files\Starcraft
2008-09-26 00:02 --------- d-----w C:\Program Files\QuickTime
2008-09-26 00:02 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-16 16:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-16 16:22 --------- d-----w C:\Documents and Settings\Frank\Application Data\Apple Computer
2008-09-16 16:09 --------- d-----w C:\Documents and Settings\Frank\Application Data\Canon
2008-09-10 13:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-06 19:42 --------- d-----w C:\Documents and Settings\Frank\Application Data\Nexon
2008-09-06 02:17 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-09-06 02:09 --------- d-----w C:\Program Files\DivX
2008-09-06 02:09 --------- d-----w C:\Program Files\Coupons
2008-09-05 21:46 --------- d-----w C:\Documents and Settings\Frank\Application Data\dvdcss
2008-08-19 07:00 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-02-01 03:25 22,328 ----a-w C:\Documents and Settings\Frank\Application Data\PnkBstrK.sys
2007-12-19 06:45 47,360 ----a-w C:\Documents and Settings\Frank\Application Data\pcouffin.sys
2008-02-28 18:30 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2008-02-28 18:33 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
2008-02-04 19:26 151,040 --sh--w C:\WINDOWS\system32\VistaUltm.dll
2008-05-09 09:42 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008050920080510\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-04-19 3297280]
"WhatPulse"="C:\Program Files\WhatPulse\WhatPulse.exe" [2006-08-21 665600]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-07-30 2363392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2006-03-15 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-15 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-15 455168]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-16 1169776]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-16 1945960]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-16 149024]
"Samsung Common SM"="C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 372736]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-09-12 63048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-10-25 1410304]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"SmartDefrag"="C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2008-09-08 1965296]
"CTHelper"="CTHELPER.EXE" [2006-08-17 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 C:\WINDOWS\system32\CTXFIHLP.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]

C:\Documents and Settings\Frank\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
Secunia PSI (RC3).lnk - C:\Program Files\Secunia\PSI (RC3)\psi.exe [2008-06-16 663552]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe [2004-10-28 860254]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-19 15:23 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"E:\\STEAM\\Steam.exe"=
"E:\\STEAM\\steamapps\\ggogeta111\\team fortress 2\\hl2.exe"=
"E:\\STEAM\\steamapps\\ggogeta111\\condition zero deleted scenes\\hl.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"E:\\STEAM\\steamapps\\ggogeta111\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Valve\\HLServer\\srcds.exe"=
"F:\\LES JEUX\\Crysis\\Bin32\\Crysis.exe"=
"F:\\LES JEUX\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"E:\\STEAM\\steamapps\\benoit_criss@hotmail.com\\team fortress 2\\hl2.exe"=
"E:\\STEAM\\steamapps\\benoit_criss@hotmail.com\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-10-25 30728]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 45848]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-08-17 1110528]
R3 PSI;PSI;C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-06-16 7808]
R3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2004-08-06 17920]
S2 FAH@C:+Program Files+FAH+1+fah6-win-x86-console.exe;FAH@C:+Program Files+FAH+1+fah6-win-x86-console.exe;C:\Program Files\FAH\1\fah6-win-x86-console.exe [2008-01-31 712704]
S2 FAH@C:+Program Files+FAH+2+fah6-win-x86-console.exe;FAH@C:+Program Files+FAH+2+fah6-win-x86-console.exe;C:\Program Files\FAH\2\fah6-win-x86-console.exe [2008-01-31 712704]
S3 LycoFltr;Lycosa Keyboard;C:\WINDOWS\system32\Drivers\Lycosa.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45d4f342-7f4f-11dc-a324-806d6172696f}]
\Shell\AutoRun\command - D:\autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'

2008-10-10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-ProxyCap - C:\PROGRA~1\PROXYL~1\ProxyCap\ProxyCap.exe


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\6a3ptqkk.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - google.ca
FF -: plugin - C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\6a3ptqkk.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-13 13:55:42
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
"ServiceDll"="C:\WINDOWS\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FAH@C:+Program Files+FAH+1+fah6-win-x86-console.exe]
"ImagePath"="C:\Program Files\FAH\1\fah6-win-x86-console.exe -svcstart"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FAH@C:+Program Files+FAH+2+fah6-win-x86-console.exe]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\CTXFISPI.EXE
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\ramaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
.
**************************************************************************
.
Heure de fin: 2008-10-13 13:59:29 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-13 17:59:26

Avant-CF: 20 254 695 424 bytes free
Après-CF: 20,515,057,664 bytes free

228 --- E O F --- 2008-09-10 13:20:50

There does not seem to be any problem left in there, gog. Combofix removed a worm file.
Your computer is on a network, and this server name means something to you: "]6A" ?
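
The kind of triage applied to this log, as an added example that is not part of the original thread or of ComboFix: a Python script that parses the bare-path and Find3M-style lines and flags binaries sitting directly in a profile's Application Data root or carrying system+hidden attributes. The sample lines are copied from the log above; the two heuristics and all function and constant names are assumptions made for this example.

```python
import re
from pathlib import PureWindowsPath

# Lines copied from the ComboFix log in this thread
# ("Autres suppressions" and "Compte-rendu de Find3M" sections).
SAMPLE_LOG = r"""
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\Frank\Application Data\inst.exe
2008-10-12 16:13 --------- d-----w C:\Documents and Settings\Frank\Application Data\uTorrent
2008-02-01 03:25 22,328 ----a-w C:\Documents and Settings\Frank\Application Data\PnkBstrK.sys
2007-12-19 06:45 47,360 ----a-w C:\Documents and Settings\Frank\Application Data\pcouffin.sys
2008-02-28 18:33 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
"""

# Assumption for this example: file types treated as executable code.
BINARY_EXT = {".exe", ".dll", ".sys", ".scr", ".com"}

# Optional "date time size attrs" prefix (Find3M format), then a drive-letter path.
LINE_RE = re.compile(
    r"^(?:(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} (?P<size>[\d,]+|-+) "
    r"(?P<attrs>[-a-z]{7}) )?(?P<path>[A-Za-z]:\\.+)$"
)


def parse_line(line):
    """Return {'path', 'attrs'} for a recognised log line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"path": PureWindowsPath(m["path"]), "attrs": m["attrs"] or ""}


def triage(log_text):
    """Return [(path, [reasons])] for entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        # Skip unparsed lines and directory entries (attrs start with 'd').
        if entry is None or entry["attrs"].startswith("d"):
            continue
        path = entry["path"]
        if path.suffix.lower() not in BINARY_EXT:
            continue
        reasons = []
        # Heuristic 1: a binary directly in the Application Data root,
        # outside any vendor subfolder.
        if path.parent.name.lower() == "application data":
            reasons.append("binary in profile Application Data root")
        # Heuristic 2: a binary marked both system and hidden.
        if "s" in entry["attrs"] and "h" in entry["attrs"]:
            reasons.append("system+hidden attributes")
        if reasons:
            findings.append((str(path), reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(f"{path}: {', '.join(reasons)}")
```

A hit is a lead for closer inspection (publisher, signature, install source), not a verdict on the file.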

]6A means nothing to me. I'm on a home network, computer is a member of a workgroup called "workgroup", nothing exquisite there :P. Got some network shares, etc...

Do you have an idea on what that could be?

thanks!

Gog, it is just this entry that I was wondering about
BITS: hxxp://auj+|Cv+@J:NGD_DQ{zcxLJS@]6A
which is a URL for the background intelligent transfer service, and really http://auj+|Cv+@J:NGD_DQ{zcxLJS@]6A
This is the username: auj+|Cv+@J
and all is at this key [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
I cannot advise you on what to do with it. If you were to export that key and post it here it would be confusing cos a lot of it would be in hex ascii representation....
It could be legit.. it is the sort of jargon a machine would come up with....
Help!!

Even with one user it matters; by default XP only shows processes registered to the current user, which excludes many system processes that are run outside of your user log-in. Pretty much anything that starts up before you put your user password in won't show as your user.

Thanks gerbil. Everything seems to be fine, looking at the process list and CPU usage.

Just out of curiosity, when I click "show processes for all users" I don't see additional processes, is that normal :P

Thanks !

Interesting how Oly seemed to answer your question before you asked it... Anyway, if there are no other users logged on and with running processes you won't see them... :)
