I use winXP also.
Your list indicates:
Grisoft AVG running, set to auto-update, auto-start and as resident protection)
(avgcc.exe, avgupsvc.exe, avgamsvr.exe & avgemc.exe)
your task manager open at the time (taskmgr.exe).
zone alarm firewall (zlclient.exe).
spybot S&D (SpybotSD.exe).
Webroot spysweeper (Spysweeper.exe),
Lavasoft Ad-Aware (Adaware.exe) is where I wonder,
since mine shows (Ad-Aware.exe)
and I know from the startup database click here
that some malware mimics some processes.
(just type in exactly as seen to the search box any of the ones you listed)
Assuming you may have mis-typed that one, continuing (still all good):
winlogon.exe = normal winXP process, for logging on (perhaps fast user switch feature)
explorer.exe = windows explorer normal process
svchost.exe = a service running, and typically more than one will at any given time.
lsass.exe = normal windows process
services.exe = typically a normal windows process
csrss.exe = normally running windows process
smss.exe = also normal for the OS to run
wanmpsvc.exe = windows updater is active
spoolsv.exe = related to your printer, but how the OS "sees it".
System System Idle Process = normal
Basically I can say "mine does too" to all the above when I check the taskmanager.
The next ones are all "probably" what they seem to be.
Unless you are certain of the file path(s) involved,
it is possible that malware can use the same process filenames
by having them in different locations for a different purpose than
the original was designed to do.
You can tell by searching for each using your Search function,
enabling it to find all files hidden or otherwise when setting the advanced modes.
( the "advanced" search)
and checking where each of those .exe is located,
and whether there are any duplications.
Assuming that they all are started from the normal location,
and that is probable ...
hpotdd01.exe = HP software. info
ProMon.exe = a system tray icon. info
msn6.exe = an unknown.
GWMDMMSG.exe = an optional starting process. info
HPZipm12.exe = HP printer related. info
hkcmd.exe = an optional startup. info
aim.exe = AOL instant messenger. info
msmsgs.exe = windows messenger utility. info
ViewMgr.exe = an optional startup. info
vsmon.exe = probably zone alarm related. info
qttask.exe = related to quicktime. (probably) info
mm_tray.exe = (optional) music match jukebox. info
PRISMXL.exe = probably a remote computer management system process. info
NMSSvc.Exe = a maybe. info
The bottomline being one unknown, using typical online search & in particular the startup database here at bleepingcomputer.com
How you adjust your PC is up to you.
Before doing anything I would have done what I did.
Even then, I'd question after searching my own PC for filepaths,
I'd submit any questionable ones to one of these online scans to get a better idea
of the true nature of the exact file that is running at any given time,
until I became familiar with the idiosyncricies of the PC as it is operating.virus totalvirus scankaspersky individual file virus scan
Hope that helps to answer a question everyone should ask.
Edited by phawgg, 09 April 2005 - 05:59 PM.