Friend's computer clean now?

Hi, I'm back with another friend's computer! I know I am not finished with it yet; it is quite clogged and has leftover partial uninstalls and undesirable programs on it. I just need to know, after having finished the Read & Run, if it is still infected.

I was advised by my friend's daughter when I received this computer that after about 15 minutes of being on, it would start putting up numerous cascading black windows that you could not stop. So instead of beginning immediately with the Read & Run, I put MalwareBytes (renamed) on a usb flash drive, transferred it to this computer, and then hooked up internet just long enough for it to update. I then ran a full scan. The following day, I updated and ran the directed scan in the Read & Run. I will attach both MB logs so you can get the full picture.

McAfee was difficult to disable, and I wasn't going to keep it on here anyway, so I finally uninstalled it. I was told as well with the last computer I cleaned up that Ad-Aware is no longer a very effective tool, so I removed it while I was at it.

When I tried to run RootRepeal, I got an error message: "Error: FOPS - Device Io Control Error! Error Code = 0x0000024, Extended Info (0x00000114)". After looking it up, it seemed that the problem stemmed from Vista not having current updates. So I updated Vista, installed SP1, updated that, installed SP2, and updated that -- it's now completely current! Then I ran RootRepeal again. This time I got "Warning -- Unrecognized partition type 6 (0x6)!"

I was told also by my friend that she knew there was porn on this computer, the result of her teen son having a few friends over to grandma's (where this computer was) and going places they shouldn't have. I have not yet begun removing it. I just figured I'd disinfect it first.

Thank you for any help you can give me!

 

RootRepeal and MGTools logs...

 

Hi, TimW! Sorry it took me so long!

I ran the scans you asked for. There are four user profiles, and I am attaching the logs for the scans that showed problems. This will take me two posts. I thought it was interesting that the one thing found in both Hannah and John Wesley's profiles by SAS was found in Abby's folder.

I deleted the two files you indicated, and am also attaching the new MGlogs.

When I went into Abby's profile, Windows Defender came up with a warning about Trojan:Win32/Hiloti.gen!D - this is what it said:
Category: Trojan
Description: This program is dangerous and executes commands from an attacker.
Advice: Remove this software immediately.
Resources: process: pid:4524
process: pid:5152
process: pid:3320
regkey: HKCU@S-1-5-21-2786847773-3535864445-686843180-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Etapon
runkey: HKCU@S-1-5-21-2786847773-3535864445-686843180-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Etapon
file: C:\Users\Abby\AppData\Local\ujulihiwekesu.dll

It says it successfully removed it. Windows Firewall also came up and said it had blocked BitTorrent. I guess that makes four file-sharing programs I need to ditch.

The computer is booting much better now! Once it gets into a profile, it takes a while, because a whole bunch of stuff loads automatically. I need to go through and make these things manual. It's loading Skype, MySpace IM, Yahoo messenger, Kodak EasyShare, and Weather Desktop. But I can most definitely tell the difference.

 

Here are the rest of the logs.

 

Thank you, TimW!! It worked just fine!

Sorry for the long time, I'm also packing to move! I'm insane, working on this computer, but she's a good friend, and her daughter needs this computer for school this coming year, so, whaddya do?

I'll go ahead and do the finishing steps now.