June 12th, 2006, 05:38 AM
#15
Member
Nihil: yupyup, all in safe mode. Also, I used the tools under advanced mode [scanned in safe mode] ... then under the System startup tab, there's this info.... Key: HK_CU: Run... Value: Sygate Personal Firewall Start.... Cmd line: servic.exe...
When I clicked on the right hand tab to get more information [there are 2], it says:
"Database status: Not required - virus, spyware, malware or other resource hog.
Value: Sygate personal firewall start
Filename: services32.exe
Description: added by the RBOT-MB worm."
Another one is...
"Database status: Not required - virus, spyware, malware or other resource hog.
Value: Sygate personal firewall start
Filename: servic.exe
Description: added by the RBOT-RY worm."
There wasn't anything under "Hosts File" except for localhost.
Under "BHOs", there were just AcroIEHelper.ocx, SDHelper.dll, & ssv.dll.
So there wasn't any glaring obviousness other than the servic.exe thingy.
I've downloaded autoruns from the "bleeping computer" link... & I think it's going to take me a few days to decide what looks malicious, etc.
[edit: to add on a few]
But... I've just run it once... and under the "logon" tab, there's also Sygate Personal Port.... and Image Path says "File not found: crss.exe"
A Google search brought me to http://de.trendmicro-europe.com/ente...e=WORM_RBOT.WX
& whatever it is listed down there rings true. :/
To change 'em back to the original value, do I right click & click on modify?
/edit
"First you must decide. Then you must follow through." - Lacus Clyne
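An added example, not part of the original post: a triage check for autostart entries whose image name imitates a Windows system process, the pattern seen above with servic.exe, services32.exe and crss.exe. The entry tuples, the list of system names and the distance threshold are assumptions made for illustration.

```python
import re

# Windows system process names that malware commonly imitates (partial, assumed list).
SYSTEM_STEMS = ["services", "csrss", "svchost", "lsass", "winlogon", "smss", "explorer"]

def edit_distance(a, b):
    """Levenshtein distance computed with a single rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def imitated_name(image):
    """Return the system binary an image name imitates, or None."""
    base = re.split(r"[\\/]", image.strip().lower())[-1]
    stem = base[:-4] if base.endswith(".exe") else base
    if stem in SYSTEM_STEMS:
        return None  # exact name; verifying its path and signature is a separate check
    core = stem.rstrip("0123456789")  # services32 -> services
    for legit in SYSTEM_STEMS:
        if core == legit or edit_distance(stem, legit) <= 2:
            return legit + ".exe"
    return None

def review(entries):
    """Return (key, value, image, imitated) for every suspicious autostart entry."""
    return [(k, v, img, hit) for k, v, img in entries
            if (hit := imitated_name(img)) is not None]

# Constructed sample entries modelled on the values quoted in the post.
ENTRIES = [
    ("HKCU Run", "Sygate Personal Firewall Start", "servic.exe"),
    ("HKCU Run", "Sygate Personal Firewall Start", "services32.exe"),
    ("HKCU Run", "Sygate Personal Port", "crss.exe"),
    ("HKCU Run", "ctfmon.exe", "C:\\WINDOWS\\system32\\ctfmon.exe"),
]

if __name__ == "__main__":
    for key, value, image, legit in review(ENTRIES):
        print(f"{key} | {value} | {image} looks like {legit}")
```

Genuine services.exe and csrss.exe are started by the operating system rather than from a Run key, so any autostart entry that resembles them deserves a closer look.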