I am running Windows XP Pro, and for the past few days, I have had a strange version of services.exe running at startup. It looks to me like some sort of threat, and I cannot disable it. Here is what I've found so far:
1. The file is located in the C:\Windows folder, not the C:\Windows\System32 folder where the legitimate Microsoft version of services.exe is located.
2. It is marked as a system file.
3. A Norton A/V full system scan was run twice, and no viruses were discovered. Virus definitions are current.
4. A full system scan was run with both Spybot and Ad-Aware; no adware/spyware/malware was found. Definitions are up to date.
5. Security Task Manager (by Neuber Software) finds this file to be a threat. It appears to be trying to reach a website on the net: http//badmental3.netfirms.com/bad.gif, and then Microsoft.com. This first site does not exist.
6. I searched the registry for services.exe, and no references to this file were found except for the legitimate Microsoft file in the System32 folder.
7. Related to #6, I found no references to this file that would cause it to start when the system starts up (since there were no references to the file at all in the registry). I found nothing in the registry in HKCU\Run, HKLM\Run, HKLM\RunOnce, or any of the startup folders on the system. Therefore, I am unaware of what is prompting this file to start with the system.
8. The machine has been experiencing intermittent periods of running "slow" since this file has shown up.
9. The file does not exist nor run on another machine with the very same software setup.
10. I have tried to manually remove the file, and it just comes back every time Windows starts. I have deleted all Temp and Temporary Internet files from the machine, and rebooted with the machine offline just to be sure that it was not being reloaded on the machine from the internet or a file previously downloaded that resided in those two folders above.
The bottom line is that this file concerns me, as this is a mission-critical machine. Data has been backed up; however, I'd much rather not have to reinstall Windows on this machine to rid it of this file. It appears to be malicious to me, as why would a legitimate version of services.exe make a call to that website and have no description listed (as all Microsoft files do) when you view the file's properties? Is it possible that this is a legitimate file? In my opinion it isn't, and it's very persistent, so I cannot get rid of it. The persistence of it reminds me of other adware\spyware that has appeared on machines we have; however, 2 hours of searching Google for a similar file yielded no results in answering my question. There were many references to viruses and adware\spyware that used a services.exe file in the Windows folder; however, this one does not match any of the descriptions I found (i.e., no registry keys on this machine as there would be if it were the file referred to in the web pages' descriptions, no other associated files found from those listed with the info found, etc.). I'm not sure where to go from here. Any help would be appreciated.

Finally, I'll list the text found in the file in question by Security Task Manager. Not sure if it will be helpful, but it seems to list some of this mystery file's actions:
The instruction at 0x70d4431e referenced memory at 0x11fd0200. The memory could not be written.
Click on OK to terminate the program.
Software\Microsoft\RAS Autodial\Control
SOFTWARE\Microsoft\Active Setup\Installed Components\44AE4113C12110CC1F32A0BC12E2014D
Service Pack 1
abl2P Soft,wa
----------------
kernel32.dll
GetCurrentThreadId
ExitProcess
CreateThread
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetCommandLineA
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
GetModuleFileNameA
FreeLibrary
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
CharNextA
advapi32.dll
RegSetValueExA
RegOpenKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
kernel32.dll
lstrcmpiA
WinExec
SuspendThread
Sleep
SetFileTime
SetFileAttributesA
LoadLibraryA
GetWindowsDirectoryA
GetVersionExA
GetSystemDirectoryA
GetProcAddress
GetLastError
GetFileTime
GetCurrentProcessId
FreeLibrary
CreateMutexA
CreateFileA
CopyFileA
CloseHandle
TranslateMessage
MessageBoxA
GetMessageA
DispatchMessageA
wininet.dll
InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle
puModul
Valu
pyfdr_8Mlu
DspachMe
vRadFiaw
IntersClosOHad
UType
WinIe
H,msal
ExplXors.
vMiaB_aqUcxxo
RASdxudialCf0Gnp/w
Sesl
1culRnyFb
/Theinstuc
plicatonEr
OTc1hek
LoadLibraryA2
GetProcAddress
kernel32.dll
UTypes
KWindows
SysInit
System
WinInet
wwCwiCw
wK/w.wa
C\WINDOWS.0\System32
a_dick
StubPath
msapplg.exe
services.exe
Explorer.exe
RegisterServiceProcess
http//badmental3.netfirms.com/bad.gif
http//ww.microsoft.com/
LoginSessionDisable
Application Error
.decode
.data
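The string dump above contains `Active Setup\Installed Components` and `StubPath`, which is a per-user logon autostart location that a search of the Run/RunOnce keys and startup folders does not cover. The following Python, added here and not part of the original post, enumerates those components on the affected machine and flags StubPath entries that launch a core binary name such as services.exe from outside System32 or from an untrusted directory; it assumes C:\WINDOWS as the system root and uses constructed sample data in its checks.

```python
import re
import sys

ACTIVE_SETUP = r"SOFTWARE\Microsoft\Active Setup\Installed Components"
SYSTEM_ROOT = r"c:\windows"  # assumption: the poster's C:\WINDOWS install
TRUSTED_DIRS = (SYSTEM_ROOT + r"\system32", r"c:\program files")
MIMICKED = ("services.exe", "explorer.exe")  # core binaries named in the dump

def stub_executable(stub):
    """Executable from a StubPath command line, quoted or not; %SystemRoot%
    is expanded so raw REG_EXPAND_SZ registry data can be checked."""
    stub = re.sub(r"%systemroot%", lambda m: SYSTEM_ROOT, stub.strip(), flags=re.I)
    if stub.startswith('"'):
        end = stub.find('"', 1)
        return stub[1:end] if end > 0 else stub[1:]
    return stub.split(" ", 1)[0]

def classify_stubpath(stub):
    """None if the StubPath looks normal, otherwise a short reason."""
    directory, _, name = stub_executable(stub).lower().rpartition("\\")
    if not directory:  # bare regsvr32.exe/rundll32.exe entries are normal
        return f"unqualified {name}, resolve by hand" if name in MIMICKED else None
    if name in MIMICKED and directory != TRUSTED_DIRS[0]:
        return f"{name} launched from {directory}, not System32"
    if not directory.startswith(TRUSTED_DIRS):
        return f"stub in untrusted location {directory}"
    return None

def find_suspicious(components):
    """components: iterable of (subkey, StubPath) pairs; returns flagged ones."""
    flagged = []
    for key, stub in components:
        reason = classify_stubpath(stub)
        if reason:
            flagged.append((key, stub, reason))
    return flagged

def read_active_setup():
    """Enumerate HKLM Active Setup components that carry a StubPath (Windows only)."""
    import winreg  # only importable on Windows
    out = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, ACTIVE_SETUP) as root:
        for i in range(winreg.QueryInfoKey(root)[0]):
            sub = winreg.EnumKey(root, i)
            try:
                with winreg.OpenKey(root, sub) as k:
                    out.append((sub, winreg.QueryValueEx(k, "StubPath")[0]))
            except OSError:
                pass  # component with no StubPath value
    return out
```

On the affected machine, `find_suspicious(read_active_setup())` returns the flagged (subkey, StubPath, reason) triples; each flagged subkey is a candidate for the autostart entry the registry search for `services.exe` missed.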