OK Spybot did detect this one at first, but did not remove all of the files and it reinstalled within minutes of being removed. The executeable file I found and removed was Vsl04.exe once removed, no reinfections occurred.
This little bugger plaqced ad.html in the winnt directory and then turned on active directory and placed that page as the page to show on the desktop.
This page spawns some 100 popup adds, downloaders etc. all at once, filling up the desktop entirely. It continues every time the screen is refreshed slamming a new load of popups each time.
This all occurred when a user mistakenly entered a web site address manully for stanley steamer carpet cleaning. He says the site he entered was wxx.stanleysteemer.com (it may be a slight variation of that) the infection and popup slam happened immediately upon loading the page. I haven't tried it myself, since I don't have a test computer available at the moment. The legitimate site for stanley steamer carpet cleaner is completely different.