Things were still not quite back to routine today, and I had to change plans. I downloaded a live ISO, blew that onto a USB key, and let it percolate a couple of hours. Looks like I rang the bell. Here is what it found:
EXP/CVE-2013-0422
JS/iFrame.ADI.1
JS/LoadSpam.G
JS/Expack.BW
JS/iFrame.ADI.1
Java/Dldr.Lamar.IX
TR/Rogue.kdz.5639.2
Just as it appeared to be, it was the Java exploit. That returned control to my login, and I rebooted into safe mode to run MBAM. I had forgotten to change 'rename anything that can't be fixed' to 'delete', so it found the two which were renamed as well as two registry keys and identified all as Trojan.ransom.df, which pretty well describes the infestation. After that, I ran OTL. Thanks for the tip; this looks pretty thorough. I got an "exceeds the maximum allowed length" when I pasted it here, though. Since I don't see any way to attach a text file, do you have a preferred file host I could link?