Definitely something nasty...

My friend got a virus on his computer some time ago. Its called MSRun32.exe, and it is absolutely wreaking havoc on his computer. Really, if it were any slower, time would be going backwards for it. I got rid of the virus, but I hadn't realized at the time that it also infects USB drives, which was plugged in to the computer.
After getting rid of it, I plugged it in again, and CATASTROPHE struck... its become painfully slow... again.... I ran ComboFix and here is the log::

ComboFix 08-12-28.03 - Administrator 2008-12-29 17:51:01.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.503.317 [GMT 5.5:30]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\autorun.ini
c:\windows\system32\com.run
c:\windows\system32\dp1.fne
c:\windows\system32\eAPI.fne
c:\windows\system32\gasretyw0.dll
c:\windows\system32\gasretyw1.dll
c:\windows\system32\internet.fne
c:\windows\system32\og.dll
c:\windows\system32\og.edt
c:\windows\system32\RegEx.fnr
c:\windows\system32\shell.fne
c:\windows\system32\spec.fne
c:\windows\system32\ul.dll
D:\Autorun.inf
D:\Shortcut to Turbo C++ IDE.pif
D:\xih9.cmd

----- BITS: Possible infected sites -----

hxxp://nxpagent.airtelbroadband.in
.
(((((((((((((((((((((((((   Files Created from 2008-11-28 to 2008-12-29  )))))))))))))))))))))))))))))))
.

2008-12-26 13:17 . 2008-02-04 12:25	1,900,305	-rahs----	c:\windows\system32\MsRun32.exe
2008-12-26 13:17 . 2008-02-04 12:25	1,900,305	--a------	c:\windows\MsRun32.exe
2008-12-23 15:42 . 2008-12-23 15:42	<DIR>	d--------	c:\windows\Sun
2008-12-23 14:29 . 2008-12-23 14:29	<DIR>	d--------	c:\documents and settings\Administrator\Application Data\KillProcess
2008-12-22 19:50 . 2008-02-04 12:25	1,900,305	--a------	c:\windows\MsR2.exe.byebye
2008-12-22 13:50 . 2008-12-22 13:50	16,244	--a------	c:\windows\system32\rrt_is.wav
2008-12-22 13:50 . 2008-12-22 13:50	7,302	--a------	c:\windows\system32\rrt_vf.wav
2008-12-22 13:50 . 2008-12-22 13:50	7,148	--a------	c:\windows\system32\rrt_tv.wav
2008-12-22 13:50 . 2008-12-22 13:50	6,282	--a------	c:\windows\system32\rrt_tn.wav
2008-12-22 12:39 . 2008-12-22 12:39	<DIR>	d--------	c:\program files\Trend Micro
2008-12-22 12:31 . 2008-12-22 12:31	<DIR>	d--------	c:\program files\Malwarebytes' Anti-Malware
2008-12-22 12:31 . 2008-12-22 12:31	<DIR>	d--------	c:\program files\CCleaner
2008-12-22 12:31 . 2008-12-22 12:31	<DIR>	d--------	c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-22 12:31 . 2008-12-22 12:31	<DIR>	d--------	c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-12-22 12:31 . 2008-12-03 19:52	38,496	--a------	c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-22 12:31 . 2008-12-03 19:52	15,504	--a------	c:\windows\system32\drivers\mbam.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-29 12:14	---------	d-----w	c:\documents and settings\All Users\Application Data\avg7
2008-12-29 12:14	---------	d-----w	c:\documents and settings\Administrator\Application Data\AVG7
2008-12-22 07:22	---------	d-----w	c:\program files\Yahoo!
2008-11-22 08:11	---------	d-----w	c:\documents and settings\Administrator\Application Data\dvdcss
2008-11-21 14:09	---------	d-----w	c:\program files\Google
2008-11-17 20:04	2,306,113	----a-w	c:\windows\system32\GPhotos.scr
2008-11-08 07:36	16,896	--sh--w	c:\windows\system32\winocreg.exe
2008-08-15 09:26	44,937,600	----a-w	c:\program files\S-CNX2__-200WF-NSAEN.exe
2008-02-04 06:55	1,900,305	--sha-r	c:\windows\system32\MsRun32.exe
2001-12-31 18:34	15,872	--sh--w	c:\windows\system32\winqcreg.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"MSN Messengger"="c:\windows\system32\MsRun32.exe" [2008-02-04 1900305]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2002-10-15 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-02 3739648]
"nxpclient"="c:\program files\Airtel\NetXpert\bin\sprtcmd.exe" [2007-12-06 202016]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 36975]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-23 185896]
"SoundMan"="SOUNDMAN.EXE" [2005-12-14 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iPMS.exe]
"Debugger"=dummy.dat

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iPMS20.exe]
"Debugger"=dummy.dat

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
-ra------ 2002-10-15 20:35 114688 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 2008-05-27 21:58 4269296 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-06-18 15:10 271360 c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneTick]
--a------ 2008-07-08 16:14 319488 d:\program files\ZoneTick\zonetick.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R2 sprtsvc_nxpclient;SupportSoft Sprocket Service (nxpclient);c:\program files\Airtel\NetXpert\bin\sprtsvc.exe /service /p nxpclient []
R2 ZTime;ZoneTick Time;"d:\program files\ZoneTick\timesync.exe" [2008-07-08 61440]
R3 slnt;Silan SC92031 PCI Fast Ethernet Adapter;c:\windows\system32\DRIVERS\slnt.sys [2002-01-01 18004]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{107dc408-cff6-11dd-9387-00e020753450}]
\Shell\AutoRun\command - F:\MsRun32.exe
\Shell\Open\command - F:\MsRun32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d516f32-ad67-11dd-930e-00e020753450}]
\Shell\AutoRun\command - F:\sq.com
\Shell\explore\Command - F:\
\Shell\open\Command - F:\sq.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8caf9cda-fe1c-11d5-9137-92faa5631e75}]
\Shell\AutoRun\command - F:\MsRun32.exe
\Shell\Open\command - F:\MsRun32.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2001-12-31 c:\windows\Tasks\At1.job
- c:\windows\system32\s853dhk7.exe []

2008-09-26 c:\windows\Tasks\At10.job
- c:\windows\system32\s853dhk7.exe []

2008-08-30 c:\windows\Tasks\At11.job
- c:\windows\system32\s853dhk7.exe []

2008-12-24 c:\windows\Tasks\At12.job
- c:\windows\system32\s853dhk7.exe []

2008-12-24 c:\windows\Tasks\At13.job
- c:\windows\system32\s853dhk7.exe []

2008-12-29 c:\windows\Tasks\At14.job
- c:\windows\system32\s853dhk7.exe []

2008-12-23 c:\windows\Tasks\At15.job
- c:\windows\system32\s853dhk7.exe []

2008-12-28 c:\windows\Tasks\At16.job
- c:\windows\system32\s853dhk7.exe []

2008-12-24 c:\windows\Tasks\At17.job
- c:\windows\system32\s853dhk7.exe []

2008-12-29 c:\windows\Tasks\At18.job
- c:\windows\system32\s853dhk7.exe []

2008-11-22 c:\windows\Tasks\At19.job
- c:\windows\system32\s853dhk7.exe []

2001-12-31 c:\windows\Tasks\At2.job
- c:\windows\system32\s853dhk7.exe []

2008-12-28 c:\windows\Tasks\At20.job
- c:\windows\system32\s853dhk7.exe []

2008-12-28 c:\windows\Tasks\At21.job
- c:\windows\system32\s853dhk7.exe []

2008-12-23 c:\windows\Tasks\At22.job
- c:\windows\system32\s853dhk7.exe []

2008-12-23 c:\windows\Tasks\At23.job
- c:\windows\system32\s853dhk7.exe []

2008-12-14 c:\windows\Tasks\At24.job
- c:\windows\system32\s853dhk7.exe []

2001-12-31 c:\windows\Tasks\At25.job
- c:\windows\system32\fscC6137.exe []

2001-12-31 c:\windows\Tasks\At26.job
- c:\windows\system32\fscC6137.exe []

2001-12-31 c:\windows\Tasks\At27.job
- c:\windows\system32\fscC6137.exe []

2008-09-11 c:\windows\Tasks\At28.job
- c:\windows\system32\fscC6137.exe []

2001-12-31 c:\windows\Tasks\At29.job
- c:\windows\system32\fscC6137.exe []

2001-12-31 c:\windows\Tasks\At3.job
- c:\windows\system32\s853dhk7.exe []

2001-12-31 c:\windows\Tasks\At30.job
- c:\windows\system32\fscC6137.exe []

2001-12-31 c:\windows\Tasks\At31.job
- c:\windows\system32\fscC6137.exe []

2001-12-31 c:\windows\Tasks\At32.job
- c:\windows\system32\fscC6137.exe []

2008-12-24 c:\windows\Tasks\At33.job
- c:\windows\system32\fscC6137.exe []

2008-09-26 c:\windows\Tasks\At34.job
- c:\windows\system32\fscC6137.exe []

2008-08-30 c:\windows\Tasks\At35.job
- c:\windows\system32\fscC6137.exe []

2008-12-24 c:\windows\Tasks\At36.job
- c:\windows\system32\fscC6137.exe []

2008-12-24 c:\windows\Tasks\At37.job
- c:\windows\system32\fscC6137.exe []

2008-12-29 c:\windows\Tasks\At38.job
- c:\windows\system32\fscC6137.exe []

2008-12-23 c:\windows\Tasks\At39.job
- c:\windows\system32\fscC6137.exe []

2008-09-11 c:\windows\Tasks\At4.job
- c:\windows\system32\s853dhk7.exe []

2008-12-28 c:\windows\Tasks\At40.job
- c:\windows\system32\fscC6137.exe []

2008-12-24 c:\windows\Tasks\At41.job
- c:\windows\system32\fscC6137.exe []

2008-12-29 c:\windows\Tasks\At42.job
- c:\windows\system32\fscC6137.exe []

2008-11-22 c:\windows\Tasks\At43.job
- c:\windows\system32\fscC6137.exe []

2008-12-28 c:\windows\Tasks\At44.job
- c:\windows\system32\fscC6137.exe []

2008-12-28 c:\windows\Tasks\At45.job
- c:\windows\system32\fscC6137.exe []

2008-12-23 c:\windows\Tasks\At46.job
- c:\windows\system32\fscC6137.exe []

2008-12-23 c:\windows\Tasks\At47.job
- c:\windows\system32\fscC6137.exe []

2008-12-14 c:\windows\Tasks\At48.job
- c:\windows\system32\fscC6137.exe []

2008-12-05 c:\windows\Tasks\At49.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2001-12-31 c:\windows\Tasks\At5.job
- c:\windows\system32\s853dhk7.exe []

2008-12-05 c:\windows\Tasks\At50.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2008-07-11 c:\windows\Tasks\At51.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2008-09-11 c:\windows\Tasks\At52.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2008-07-11 c:\windows\Tasks\At53.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2008-07-11 c:\windows\Tasks\At54.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2008-07-11 c:\windows\Tasks\At55.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2008-07-11 c:\windows\Tasks\At56.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2008-12-24 c:\windows\Tasks\At57.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2008-09-26 c:\windows\Tasks\At58.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2008-08-30 c:\windows\Tasks\At59.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2001-12-31 c:\windows\Tasks\At6.job
- c:\windows\system32\s853dhk7.exe []

2008-12-24 c:\windows\Tasks\At60.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2008-12-24 c:\windows\Tasks\At61.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2008-12-29 c:\windows\Tasks\At62.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2008-12-23 c:\windows\Tasks\At63.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2008-12-28 c:\windows\Tasks\At64.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2008-12-24 c:\windows\Tasks\At65.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2008-12-29 c:\windows\Tasks\At66.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2008-11-22 c:\windows\Tasks\At67.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2008-12-28 c:\windows\Tasks\At68.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2008-12-28 c:\windows\Tasks\At69.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2001-12-31 c:\windows\Tasks\At7.job
- c:\windows\system32\s853dhk7.exe []

2008-12-23 c:\windows\Tasks\At70.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2008-12-23 c:\windows\Tasks\At71.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2008-12-14 c:\windows\Tasks\At72.job
- c:\windows\system32\38nEM6d2.exe [2008-07-11 23:56]

2008-12-10 c:\windows\Tasks\At73.job
- c:\windows\system32\im348Pwf.exe []

2008-12-05 c:\windows\Tasks\At74.job
- c:\windows\system32\im348Pwf.exe []

2008-07-23 c:\windows\Tasks\At75.job
- c:\windows\system32\im348Pwf.exe []

2008-09-11 c:\windows\Tasks\At76.job
- c:\windows\system32\im348Pwf.exe []

2008-07-23 c:\windows\Tasks\At77.job
- c:\windows\system32\im348Pwf.exe []

2008-07-23 c:\windows\Tasks\At78.job
- c:\windows\system32\im348Pwf.exe []

2008-07-23 c:\windows\Tasks\At79.job
- c:\windows\system32\im348Pwf.exe []

2001-12-31 c:\windows\Tasks\At8.job
- c:\windows\system32\s853dhk7.exe []

2008-07-23 c:\windows\Tasks\At80.job
- c:\windows\system32\im348Pwf.exe []

2008-12-24 c:\windows\Tasks\At81.job
- c:\windows\system32\im348Pwf.exe []

2008-09-26 c:\windows\Tasks\At82.job
- c:\windows\system32\im348Pwf.exe []

2008-08-30 c:\windows\Tasks\At83.job
- c:\windows\system32\im348Pwf.exe []

2008-12-24 c:\windows\Tasks\At84.job
- c:\windows\system32\im348Pwf.exe []

2008-12-24 c:\windows\Tasks\At85.job
- c:\windows\system32\im348Pwf.exe []

2008-12-29 c:\windows\Tasks\At86.job
- c:\windows\system32\im348Pwf.exe []

2008-12-23 c:\windows\Tasks\At87.job
- c:\windows\system32\im348Pwf.exe []

2008-12-28 c:\windows\Tasks\At88.job
- c:\windows\system32\im348Pwf.exe []

2008-12-24 c:\windows\Tasks\At89.job
- c:\windows\system32\im348Pwf.exe []

2008-12-24 c:\windows\Tasks\At9.job
- c:\windows\system32\s853dhk7.exe []

2008-12-29 c:\windows\Tasks\At90.job
- c:\windows\system32\im348Pwf.exe []

2008-11-22 c:\windows\Tasks\At91.job
- c:\windows\system32\im348Pwf.exe []

2008-12-28 c:\windows\Tasks\At92.job
- c:\windows\system32\im348Pwf.exe []

2008-12-28 c:\windows\Tasks\At93.job
- c:\windows\system32\im348Pwf.exe []

2008-12-23 c:\windows\Tasks\At94.job
- c:\windows\system32\im348Pwf.exe []

2008-12-23 c:\windows\Tasks\At95.job
- c:\windows\system32\im348Pwf.exe []

2008-12-14 c:\windows\Tasks\At96.job
- c:\windows\system32\im348Pwf.exe []
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\GetFlash.exe
ShellExecuteHooks-{650CA63D-4A01-4BF8-A608-9B1EBB36292E} - (no file)
MSConfigStartUp-AVG7_CC - c:\progra~1\Grisoft\AVG7\avgcc.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {4771EFAF-B82F-48BC-936A-77C9A013592D} = 203.145.184.32,203.145.184.13
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fskwpc8y.default\
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************
scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 

**************************************************************************
.
Completion time: 2008-12-29 17:53:58
ComboFix-quarantined-files.txt  2008-12-29 12:23:55

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

356

I also ran HiJack This, and nothing seemed to be wrong with it... although there was a reference to MSRun32.exe (F2) , which I removed. I also ran Malware bytes, although it did not pick up anything...

Could someone help me with this...?

[EDIT] The MSRun32.exe.byebye was done by me... I had renamed it in the hope that it could be deleted.