Additional information: 1) actual name of the rogue program is "Desktop Security 2010". 2) Before we restored the image file we observed the following behavior: The 2010 warning screens come up after reboot. The only way around them was to Ctrl-Alt-Del, go to processes and end program on Desktop Security 2010. I could then access the Start button, AVG and Malwarebytes. Full scan with AVG found 2 items that reported successfully cleaned... but reboot, brought us right back to the warning screens. I had already done a full scan with Malwarebytes externally... and had already decided to just restore the drive image file. 3) I am thinking that the exe files in the temp folder mentioned above, may just be "dummy malware" put in place by Desktop Security 2010 as "proof" that you are infected. They are probably not malicious... just named to look like they are, to convince an unsuspecting person that they need to buy the program. 4) But ignoring the exe files in the temp folder, we still have a problem that AVG, Malwarebytes and Vipre could not resolve with standard scans. Nasty stuff. Thankfully we image the PCs every night and had an "easy" way out. Thanks to everyone for the replies and instructions. We may need the info next time. I would have liked to try the suggestions, but this machine needed to be put back in service immediately.