I got this by a profoundly dumb move, which I am not proud of and dont want to talk about (ran a web dl exe.... why o why (head in hands))
Anyway, it was clear it wasnt doing what it said it was and the firewall started throwing up flags as did the virus scanner.
STEP ONE.... IT WAS ONLY A 17k FILE... YANK THE NET CABLE!
Spybot picked up a load of registry changes(related to zlobdownloader), and hijack this got one (run the file 49aedfef.exe)
However on reboot the processes 49aedfef.exe was running(!)
A google search on this file comes up dry... a sure sign of a fresh virus/malware.
I killed the process, and located the file on the disk and deleted it.
Virus scan, spybot scan and hijack this all look clean now (all with fresh definitions): all running processes look legit and running from files in legit locations.
unfortuantly i didnt keep the logs, but ive wrote down the names of the alien files/ registry entries:
zlobdownloader
stdole.tlb
49aedfef.exe
everythings (looks) fine, just a heads up on the file name.
I owe S&D developers another $20