GOOD that you got user accounts set up
Then the Firewall
there will be a learning curve but worth it
there are several other low impact steps we can take but let's walk before we try and run
We got a clean second opinion from SAS which is really good news
a second AV opinion can be done at any time
as to your credit cards and bank info
the 2008 virus is not known as a stealer
however it is hard to be sure nothing else was installed
you can either change all of your passwords
or monitor closely
some people overact and reformat their hard drive and reinstall their os
in your case, without getting a firewall in place, there would be no long term benefit in that
I'm going to list a few steps - for later
1 LOCK DOWN INTERNET EXPLORER- there are guides- after you do your firewall we can find one
2 install Javacool Spyware blaster
http://www.javacoolsoftware.com/spywareblaster.html(Tony Kline maintains a list of CLSID- Active X baddies, several people use Tony's list plus their own to make blocklists. The Atribune VUNDOFIX program I mentioned checks for the presence of several hundred as do many other programs
Spywareblaster sets a "Kill bit" in a list of ActiveX identifiers If something tries to run them- well they Can't)
a reasonably foolprof tool
Enough already
I was not going to post the above till I saw your post about passwords
DAvidR may have additional info
but I do not see where we are in panic mode here
wyrmrider