The Trendmicro site you pointed me toward got me on the right track. After a little looking around I found it out to be this:

<snip>
Discovered: February 18, 2007
Updated: February 19, 2007 2:48:01 AM
Type: Trojan
Infection Length: 29,053 Bytes
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

When the Trojan is first installed, it creates the following files:
%ProgramFiles%\Bifrost\server.exe
%ProgramFiles%\Bifrost\klog.dat

The Trojan then creates the following registry entry so that it runs every time Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}\"stubpath" = "%ProgramFiles%\Bifrost\server.exe s"

It then creates the following registry subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Bifrost
HKEY_CURRENT_USER\Software\Bifrost

The Trojan launches Internet Explorer in hidden mode and injects itself into the iexplorer.exe process in an attempt to bypass any firewall that may be running.

It then opens a back door by contacting the [REMOVED]-life.no-ip.info domain through TCP port 81 allowing it to perform various actions on the compromised computer, such as downloading files from and to the Internet, and stealing confidential information.
</snip>

Fairly recent, too, and it fits the M.O. of what I saw in the raw packets.

... now, as to the infection vector... where's my PC been?!

Thanks for the insight, it helped.