The entries you've highlighted are normal for a Windows XP system, are related to the Windows 2000/XP WinLogon Event Handler Service and Spybot S&D 1.4 was the first version to display them. Malware that affect these entries do exist, but you don't appear to have any, so leave them alone.
You do have one additional entry that isn't included in XP by default, but it's there to support your ATI video:
Code:
Located: System.ini, AtiExtEvent
command: Ati2evxx.dll
file: Ati2evxx.dll
ati2evxx.dll
ATI2EVXX.DLL is an ATI External Event Utility DLL Module.
ATI Technologies Inc.
ATI External Event Utility for NT, W2K and W9X
The following is much more technical information about these entries found on the Microsoft Developers site.
The general description of these entries displayed by Spybot 1.4 is found in the Microspoft MSDN Library here:
http://msdn.microsoft.com/library/en...n_packages.asp
Winlogon Notification Packages
Winlogon notification packages are DLLs that receive and handle events generated by Winlogon. You can implement such a notification package to monitor and respond to Winlogon events. This is useful for applications that need to perform additional processing during logon or logoff, or maintain state information that must be updated when Winlogon events occur.
For more information about Winlogon and GINAs, see Winlogon and GINA.
Windows NT and Windows Me/98/95: Winlogon notification packages are not supported.
Note the last line, these entries have existed in Windows 2000 and XP, but not earlier versions of Windows. They were NOT added by Spybot S&D 1.4, it simply was the first version that started to display them.
The description of how the specific registry entries are created is:
http://msdn.microsoft.com/library/de...ry_entries.asp
Registry Entries
In order for your package to receive event notifications from Winlogon, you must provide the name of the package, the names of the event handler functions in the package, the DLL responsible for implementing the package, and information about whether the DLL supports asynchronous events and impersonation.
You should create the notification package registry key as a subkey of
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
The name of the key is usually the same as the name of the DLL; however, this is not mandatory. The name chosen for your package must not conflict with the names of other installed notification packages.