OK. I think the user accounts are valid. I know he uses logmein to remote into the PC, and I thing the other SrvAcct.SERVER account is used for a database program. I ran FRST Fix. Log is attached. Ran updated antimalware, nothing detected. (see below) Ran mbar, nothing detected. Log is attached. Two things: After the FRST fix, windows update started working and the security updates for IE8 from April were due to be installed. I didn't install them. Also, when the malicious web site warnings are popping up I ran task manager and there were 8 explorer.exe processes running. When I started up the machine I was getting to pop-ups constantly. Now they stopped, even though no malware was found. I'm going to reboot and see what happens. Below is the antimalwarebytes log. Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 10/10/2014Scan Time: 5:49:53 PMLogfile: Administrator: Yes Version: 2.00.2.1012Malware Database: v2014.10.10.10Rootkit Database: v2014.10.08.01License: TrialMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: Disabled OS: Windows XP Service Pack 3CPU: x86File System: NTFSUser: user Scan Type: Threat ScanResult: CompletedObjects Scanned: 447493Time Elapsed: 36 min, 29 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 0(No malicious items detected) Physical Sectors: 0(No malicious items detected) (end) Fixlog.txt mbar-log-2014-10-10 (20-52-04).txt