
Strange WebClient Traffic


I have a question about WebClient-generated traffic. The situation is: I have a PC with Windows XP SP3 that is in a workgroup and connected to a Windows domain network, only sharing DNS. Today, after the machine had been shut down for 15 days, I connected it again and suddenly there was this strange sequence of packets to an old mapped network share (this mapped network share is not connected, but it was used via the command net use):

Broadcast packet: Name Query NB for the name of one share it had before (\name)
Name Query Response NB: IP of the share, sent to the PC on port 139

The following sequence in TCP:

IP PC -> IP Old Share Folder: TCP SYN
IP Old Share Folder -> IP PC: RST,ACK
IP PC -> IP Old Share Folder: TCP SYN Retransmission
IP Old Share Folder -> IP PC: RST,ACK
IP PC -> IP Old Share Folder: TCP SYN Retransmission
IP Old Share Folder -> IP PC: RST,ACK
IP PC -> IP Old Share Folder: TCP SYN
IP Old Share Folder -> IP PC: RST,ACK
IP PC -> IP Old Share Folder: TCP SYN Retransmission
IP Old Share Folder -> IP PC: RST,ACK
IP PC -> IP Old Share Folder: TCP SYN Retransmission
IP Old Share Folder -> IP PC: RST,ACK

I could detect that the processes that tried the connection were System and WebClient, using the following log from the PC:

Process ID: 4 (System)

System Process

PID   Proto  Port  Local IP  State      Remote IP:Port
4     TCP    445   0.0.0.0   LISTENING  0.0.0.0
4     TCP    139   IP PC     LISTENING  0.0.0.0
4     TCP    1265  IP PC     SYN SENT   Network Share IP:139
4     TCP    1266  IP PC     SYN SENT   Network Share IP:139
4     UDP    445   0.0.0.0   :
4     UDP    137   IP PC     :
4     UDP    138   IP PC     :

Process ID: 1344 (svchost.exe)

User context: NT AUTHORITY\LOCAL SERVICE

Service Name: WebClient
Display Name: Cliente Web
Service Type: runs in its own process

PID   Proto  Port  Local IP  State      Remote IP:Port
1344  TCP    1322  IP PC     SYN SENT   Network_Share:80

Loaded modules: C:\WINDOWS\system32\svchost.exe (0x01000000)


After this I searched in the registry and found the name of the share and the IP in the following registry entries:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComputerDescriptions
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Map Network Drive MRU
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2##ip##name
HKEY_USERS\1-5-21.....500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComputerDescriptions
HKEY_USERS\1-5-21.....500\Software\Microsoft\Windows\CurrentVersion\Explorer\Map Network Drive MRU
HKEY_USERS\1-5-21.....500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2##ip##name

Is this traffic normal? I mean, does Windows XP try, if a long time has passed, to refresh old network shares by trying to synchronize with them using WebClient? Is there a parameter of the WebClient service which generates this traffic? Could it be some kind of script on the PC or an injected DLL in the process, because it is generated without human intervention?

Could someone help me to understand the situation?

Best Regards and thanks in advance.

asked 15 Sep '14, 13:51


Pim
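A small triage script, added here and not part of the original question, that does the correlation the post performs by hand: it counts SYNs that the old share answered with RST (host reachable, port closed) and ties each refused attempt back to the PID owning the local port from a process/port table in the question's layout. The IPs, ports and table rows are constructed samples, not values from the poster's machine.

```python
import re
from collections import defaultdict
# Constructed sample capture summary in the question's shape, with ports added.
PACKETS = """
10.0.0.5 -> 10.0.0.20 TCP SYN 1265 139
10.0.0.20 -> 10.0.0.5 TCP RST,ACK 139 1265
10.0.0.5 -> 10.0.0.20 TCP SYN 1265 139
10.0.0.20 -> 10.0.0.5 TCP RST,ACK 139 1265
10.0.0.5 -> 10.0.0.20 TCP SYN 1322 80
10.0.0.20 -> 10.0.0.5 TCP RST,ACK 80 1322
"""
# Constructed process/port table in the question's layout; state written SYN_SENT.
PROCS = """
4 TCP 1265 10.0.0.5 SYN_SENT 10.0.0.20:139
4 TCP 1266 10.0.0.5 SYN_SENT 10.0.0.20:139
1344 TCP 1322 10.0.0.5 SYN_SENT 10.0.0.20:80
"""
PKT_RE = re.compile(r"^(\S+) -> (\S+) TCP (\S+) (\d+) (\d+)$")
PROC_RE = re.compile(r"^(\d+) TCP (\d+) (\S+) (\S+) (\S+):(\d+)$")

def refused_connections(packet_text):
    """Count SYNs answered by a RST from the peer (host up, port closed)."""
    pending, refused = set(), defaultdict(int)
    for line in packet_text.strip().splitlines():
        m = PKT_RE.match(line.strip())
        if not m:
            continue
        src, dst, flags, sport, dport = m.groups()
        flagset = set(flags.split(","))
        if flagset == {"SYN"}:
            pending.add((src, int(sport), dst, int(dport)))
        elif "RST" in flagset:
            key = (dst, int(dport), src, int(sport))  # rewrite as client view
            if key in pending:
                refused[key] += 1
    return dict(refused)  # {(cli_ip, cli_port, srv_ip, srv_port): count}

def attribute_to_processes(refused, proc_text):
    """Tie each refused attempt to the PID that owns the local port.
    Returns {pid: [(server_ip, server_port, refused_count), ...]}."""
    owners = {}
    for line in proc_text.strip().splitlines():
        m = PROC_RE.match(line.strip())
        if m and m.group(4) == "SYN_SENT":
            owners[(m.group(3), int(m.group(2)))] = int(m.group(1))
    result = defaultdict(list)
    for (cip, cport, sip, sport), n in refused.items():
        result[owners.get((cip, cport))].append((sip, sport, n))
    return dict(result)
```

With the sample data the SMB attempts (port 139) map to PID 4 (System) and the port 80 attempt to PID 1344 (the WebClient svchost), which is the same split the question's log shows.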