I also found this folder: %USERPROFILE%\Local Settings\Application Data\AMozilla\AFirefox, containing a profile.
I traced back how this bleep came, and I found that on 27 March I went to www.free-codecs.com to get latest FFDSHOW for a new computer setup. For a reason I’m still wondering, I ended up downloading from there a file ffdshow_rev4525_20131117_clsid.exe with a size of about 16MB (!) I noticed that my previous versions from 2012 were about 4.5MB, “more bloating" I thought... Now I go back to that website and I’m unable to download the same file again! Why I got a 2013 version instead of latest 2014-02-09 one? Anyway, that extra size contained the trojan.
On the other hand, removal seems easy: kill process dmw (wscript too), remove autorun entry with Autoruns, and delete folders described above. Remove these Registry keys too:
HKEY_CURRENT_USER\Software\Microsoft\Notepad (only delete these two values: sdate, sysid)
Edited by hamluis, 03 April 2014 - 08:01 AM.
PM sent new OP - Hamluis.