Thanks Broni...
Wondering if they had an infected document corrupt their normal.dot template, so now it is calling for malware we have already removed? But, if so, why would OA deal with it until it tried to start? You are the expert here, I am just grasping at straws. In any case, I am thinking of removing their normal.dot templates, all instances, just in case, and let them be respawned next time Word starts.
=======
Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org
Database version: v2012.01.11.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: BALTIMOR-1MBHXM [administrator]
Protection: Disabled
1/11/2012 2:01:49 PM
mbam-log-2012-01-11 (14-01-49).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221618
Time elapsed: 19 minute(s), 48 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)