Alright, well, for future reference, thats key doesn't deal with any startup programs, it's actually a key sued by msconfig during a "diagnostic" startup (or something along those lines). the keys used by windows to start programs are:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Infectious programs generally (for some of the nastier ones) also install Winlogon hooks:
XP:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Vista:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions
Another vector is using the "appinit_DLLs" value, in
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows.
More info in AppInit_dlls value:
http://support.microsoft.com/kb/197571Programs could also change the association of exefiles, so that instead of running the executable directly (%1) it instead initiates the malware program with the exe file as an argument; for example, by changing it to drive:\Path\to\malware.exe" "%1" %* It usually infects the program in some way and then runs it, so it might not even be noticed.
And of course, the StartUp Folder can be used to run programs every startup, but malware generally stays away from that for some reason (perhaps too obvious)
Here's an interesting article detailing some of these keys and how to use them to remove infections if it ever becomes necessary. It's aimed at windows 2000 but in general aside from moving a few keys (such as the winlogon notify key above) most of the information is still relevant.
