Just Infected

Discussion in 'Malware Help (A Specialist Will Reply)' started by bhoff, Jul 15, 2008.

  1. bhoff

    bhoff Private E-2

    Last Friday one of my co-workers clicked on a link in an email from an unknown source. Shouldn't have done that. He started getting pop up windows claiming he was infected with Win32.netbooster. These windows asked if he wanted to "clean this up". When he didn't click on that link, (sanity returns, better late than never) IE opened up at a website that offered to sell him System Defender. Closing that one got another IE window trying to sell him Ultimate Cleaner. He unplugged the network cable and shut it down for the weekend.
    I checked this machine out yesterday morning. (It is a recent model Dell low end business box, Windows XP, all integrated components with minimal specs.) Same websites and popups. Whatever this is also removed almost everything from the start menu except recently run programs. No programs button, no run, no search, no control panel, nothing but printers. The machine is slowed to a crawl. Internet access to most useful sites is blocked. Ad-aware and Spybot Search and Destroy are unable to update. It won't go to Google.
    Our IT dept had me download SmitfraudFix from the internet on another machine because we couldn't get there on the infected one. I copied it over on a USB key. It wouldn't run, even in safe mode. When I ran it on my own, uninfected computer, it appeared to run in a DOS box, so I used Windows Explorer to find CMD.EXE in the Windows\system32\ directory to see if I could get it to run that way. No joy. While scrolling, very, very slowly, I might add, through the contents of the system32 directory looking for cmd.exe I found a file named "byXrRKCR.dll" with a revision date of 7/11/08 at 6:32 pm. I don't think that it is part of Windows, do you? Google search on the name turns up nothing.
    IT has decided to reformat the box and start over, which, since this is a work computer with no personal software on it, may be a little drastic but will probably be quicker than fighting the infection. If this was a home computer with personal software, finances and so on this would be a disaster.
    My questions: Is this a new infection, or an update of an existing problem? Is there an easier way of fixing it than what our IT people are going to do? I'm thinking of next time, and there probably will be a next time.
    Sorry this is so long. Thanks for your time.
     
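An added example, not from the post above or from MajorGeeks: a small Python triage script that applies the same heuristic the poster used by hand, flagging DLLs in a directory whose names look machine-generated (like byXrRKCR.dll) and whose modification time is recent. It builds a constructed sample directory instead of reading a real system32, and the name thresholds are assumptions, so treat hits as candidates to look up, not verdicts.

```python
import math
import os
import tempfile
import time
from collections import Counter
from pathlib import Path


def stem_entropy(stem: str) -> float:
    """Shannon entropy (bits/char) of the case-folded file stem."""
    counts = Counter(stem.lower())
    n = len(stem)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def case_flips(stem: str) -> int:
    """Count upper/lower transitions; real DLL names rarely alternate case."""
    return sum(1 for a, b in zip(stem, stem[1:]) if a.isupper() != b.isupper())


def looks_random(filename: str) -> bool:
    """Assumed heuristic: 6-12 letters only, several case flips, high entropy."""
    stem = Path(filename).stem
    if not (6 <= len(stem) <= 12) or not stem.isalpha():
        return False
    return case_flips(stem) >= 3 and stem_entropy(stem) >= 2.0


def recent_suspicious_dlls(directory, max_age_days=7, now=None):
    """Return sorted names of *.dll files that are both recent and random-looking."""
    now = time.time() if now is None else now
    cutoff = now - max_age_days * 86400
    return sorted(p.name for p in Path(directory).glob("*.dll")
                  if p.stat().st_mtime >= cutoff and looks_random(p.name))


def build_sample_dir() -> str:
    """Constructed sample tree (not a real system32): a fresh legitimate-looking
    DLL, an old ordinary one, an old random name, and a fresh random name."""
    d = tempfile.mkdtemp()
    now = time.time()
    samples = {"kernel32.dll": now,                 # fresh, but named like Windows
               "msvcrt.dll": now - 400 * 86400,     # old and ordinary
               "qwPzRtXk.dll": now - 30 * 86400,    # random name, but stale
               "byXrRKCR.dll": now - 4 * 86400}     # random name and recent
    for name, mtime in samples.items():
        p = Path(d, name)
        p.write_bytes(b"MZ")                        # placeholder PE header bytes
        os.utime(p, (mtime, mtime))
    return d


if __name__ == "__main__":
    print(recent_suspicious_dlls(build_sample_dir()))
```

Only the fresh random name is reported; the freshly updated kernel32.dll shows that modification date alone is not a useful signal.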
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    No it is just one of the many many forms of Virtumonde infections.

    The below is actually faster than a format and reinstall of all applications, especially when you consider all the users' settings/tweaks and additional software and updates that need to be installed beyond just Windows itself.

    READ & RUN ME FIRST. Malware Removal Guide

    What the above guide does not fix, we simply have you remove with a couple of manual fixes. We fix many dozens of Virtumonde (aka Vundo) infections each week.
     
