Thank you for your replies. I probably did have two instances of notepad open when Task Manager reported them. I verified that tonight by opening and closing notepad while watching TM. (Duh-me, thanks for the insight). Oh, and I got rid of Reg-cure as soon as it asked me for money. I've got none of that...
So then I updated and ran Ad-Aware (notepad had been opened once during the session) and was closed while I ran ad-aware.
The same two "Windows Vulnerability" "Critical Objects" came back:
object type= RegData, Object: "HKEY_CLASSES_ROOT:regfile\shell\open\command"" (notepad.exe %1)
object type= RegData, Object: "HKEY_CLASSES_ROOT:scrfile\shell\open\command"" (notepad.exe %1)
Adaware reported "Location" as:
Ad-aware Description "General Windows Security Issue. Your system security may be compromised... (no details)
So I deleted them as usual, but they keep coming back. I am using webroot spyware and virus package, and replaced my firewall to match my other PC (still trying to network them)
I just ran both files through Jotti. Cool site. Found nothing, however. The notepad files are in c:\windows and c\windows\system32.
I'll try superantispyware and read those forums.
Thanks, guys. You are great.