Here's the fix we're implementing:

Via our network login script, we're first pushing the Microsoft RPC/DCOM Patch, then
deleting the registry keys via WSCRIPT (can supply the VBS by request), then
delete the C:\winnt\system32\wins directory and its contents then
we validate the fix(s) by running McAfee STINGER.EXE to scan all local disks.

That should prevent future infection, prevents recurrence by wacking the executables and registry entries.

All-in-all we could have avoided this by 1) having desktops patched and 2) putting desktop policies in place to eliminate installation of software locally (non-admin account).