Trying to figure out if my parents' computer is infected

My parents got a Vista computer a few days ago, and all of the security stuff is running (Windows Firewall, Windows Updates, Windows Defender). I also installed AntiVir and Firefox. I did disable one thing though - the User Account Control.

Yesterday my dad was browsing, and then he called me over to the computer. Somehow Firefox had gone over to onlinexpscanner.com, and I noticed that a suspicious executable had been downloaded, and there were prompts asking to run some code. I said No, closed all the browser windows, deleted the executable file that had been downloaded, and then let my dad continue surfing.

Now I am trying to figure out if the computer got infected, because I don't know if my dad may have inadvertently executed any code. Would Windows Defender have stopped anything from executing? I now regret turning off the User Account Control. Although I just noticed that User Account Control is enabled again. Very strange, I don't know how that happened.

Also, could I save myself the trouble of running a bunch of virus/spyware scans by using the System Restore feature in Vista? I see that there is a restore point from yesterday that is prior to my dad's encounter with the spyware site. If I go back to that restore point, would that guarantee that any spyware on the system would be removed? I'm not sure if that would work, because I read that System Restore does not restore all files.

If using System Restore is not a good idea, then what should be my first step? Run HijackThis? Or run a bunch of virus/spyware scans?

 

I don't use Vista, but I would do system restore and then just one or 2 scans.
For scanning, use SuperAntiSpyware.
For a second opinion, I would use Dr. Web CureIt.

I think this could have been avoided with UAC.

Maybe you could consider a sandbox for the browser and/or NoScript extension on firefox

 

Before using the computer, your parents should have taken a backup first and then go on-line.
They don't have a boot-to-restore, which means a classical security setup.
Firewall + AntiVirus + AntiSpyware, plenty of choice. UAC = on, not off.
Firefox + NoScript + AdBlockPlus and sandboxed + locked data folders.
Email : ignore and delete all spam-emails, without opening them (= very difficult) and don't believe the million dollar winnings.