C:\WINDOWS\system32\cisvc.exe
This appears to be a keylogger. Remove it! I know PestPatrol
identifies it. Try hitting CTRL-ALT-SHIFT-K or some variant of that
combination, although the user may have changed the hotkeys.
Some other notes:
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_2_3_0.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_2_3_0.dll
Suspicious. I would definitely get rid of these.
O2 - BHO: (no name) - {0F660F64-F4C9-477F-8529-44181B717472} - C:\Program Files\AT&T\WnClient\Programs\CSMBHO.dll
Extremely suspicious. AT&T jumped on the spyware bandwagon long ago,
and, AFAIK, has not really gotten off of it. Ditto, to a lesser
extent, with Yahoo.
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O9 - Extra button: Real.com (HKLM)
Get rid of these. RealPlayer/RealONE should NEVER be running in the
background, and you should set its options to disallow the sending
of any kind of information back to RealNetworks/ProgressiveNetworks.
O9 - Extra button: AnyWho (HKLM)
A bit suspicious to me. Not this item itself, but whatever app it's
tied to makes me wonder.
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
I would get rid of this too.
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemp...veSecurity.cab
If this is some part of managed security system, keep it. Otherwise,
it's probably unnecessary.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
I'm not thrilled by the concept of Verizon providing a quasi-custom
version of a browser, given Verizon's history. I would install IE6
SP1, then place v4.windowsupdates.microsoft.com in the "Trusted Sites"
zone, and set the Internet Zone to its highest security setting. Then
use another browser for normal web browsing and IE only for Windows
Updates.
Sponge
Sponge's Secure Solutions
www.geocities.com/yosponge
My new email: yosponge2 att yahoo dott com
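
The log entries quoted in this post arrive wrapped across several lines, which makes them hard to search or compare. As an added example (not part of the original post), this Python helper rejoins wrapped HijackThis-style entries and pulls out the section code, CLSID and file path for review; the sample log is constructed from entries quoted above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: entries copied from the post, wrapped as the forum shows them.
SAMPLE = r"""O2 - BHO: (no name) - {0F660F64-F4C9-477F-8529-44181B717472} -
C:\Program
Files\AT&T\WnClient\Programs\CSMBHO.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .bcf: C:\Program Files\Internet
Explorer\Plugins\NPBelv32.dll
"""

# An entry starts with a section code such as "O2 - " or "R1 - ".
ENTRY_START = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A drive-letter path ending in a file extension; spaces inside the path are allowed.
FILE_PATH = re.compile(r"[A-Za-z]:\\[^\"<>|*?]*?\.[A-Za-z0-9]{2,4}(?=$|[\"\s])")

def rejoin(text):
    """Merge wrapped continuation lines back into one line per entry."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            # The wrap replaced a space, so restore it when joining.
            entries[-1] += " " + line
    return entries

def parse(text):
    """Return {section code: [{'raw', 'clsid', 'path'}, ...]}."""
    grouped = defaultdict(list)
    for entry in rejoin(text):
        m = ENTRY_START.match(entry)
        if not m:
            continue  # not a log entry (e.g. stray commentary)
        code, body = m.groups()
        clsid, path = CLSID.search(body), FILE_PATH.search(body)
        grouped[code].append({
            "raw": entry,
            "clsid": clsid.group(0) if clsid else None,
            "path": path.group(0) if path else None,
        })
    return dict(grouped)

if __name__ == "__main__":
    for code, items in parse(SAMPLE).items():
        for item in items:
            print(code, item["clsid"], item["path"])
```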

