Definitely the Worm:Win32/Morto.B ... did some research on these files and registries... I have most of those symptoms on this system.
OK, so it's Terminal Services.. alright
I also thought I would include an Avast log too.. as it found some items. I included the log here: its traffic and general log information throughout the past 60 days.
Please see Avast.txt attachment.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/24/2013 at 01:53 PM
Application Version : 5.6.1014
Core Rules Database Version : 10046
Trace Rules Database Version: 7858
Scan type : Custom Scan
Total Scan Time : 07:56:05
Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator
Memory items scanned : 566
Memory threats detected : 0
Registry items scanned : 38694
Registry threats detected : 0
File items scanned : 292486
File threats detected : 53
Adware.Tracking Cookie
Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8AFBC45B-2A12-4EF6-8C1A-A547198A8DC0}\RP294\A0077714.EXE
This.. worried me... that restore point was infected..
Then Malwarebytes found a Trojan inside a legitimate game?... from Aeria Games.. which shocked me...
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.02.24.01
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Administrator :: PC-F73B8DFDD649 [administrator]
2/24/2013 1:41:23 AM
mbam-log-2013-02-24 (01-41-23).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 505103
Time elapsed: 3 hour(s), 37 minute(s), 25 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\AeriaGames\Shaiya\game.exe (Trojan.Agent) -> Quarantined and deleted successfully.
(end)