It's highly likely you've caught some form of pre-boot rootkit that uses a random name for its payload. Googling or looking for another "ynhif" won't help because other installations of the same malware will be named with a different set of five random characters. If you want to check if the computer has been reinfected, use a boot disk to look for the re-appearance of any other files with random names.
Brand-name antivirus software virtually useless against this kind of threat and all 'clean' reports you get should be considered false negatives.
Rootkit malware is extremely difficult to eradicate. Your best option is to copy all data off the system, wipe the hard drive (diskpart clean) and reinstall from a recovery disk or retail DVD.
Make sure your friend gets into the habit of updating all his Internet-facing software (browser, flash, acrobat reader) to reduce the risk of being infected again. Running AV software alone is an inadequate defense.