
Valid user processes in Windows XP


I was doing a lab to remotely list the processes running on a Windows XP VM. I was able to run the command, but forgot to take a screenshot. After that, I logged in as another user and kicked out the user who had been logged in.

Now there is a question asking what 3 processes were running under that user.

I was able to answer 2 correctly but can't determine 1 more. The processes are:

1. msmsgs.exe (I chose this correctly as a process running under that user)

2. smss.exe (Not sure - it seems this can ONLY belong to a system)

3. logon.scr (My guess as the last choice)

4. winlogon.exe (Not sure - it seems this can ONLY belong to a system)

5. svchost.exe (Not sure - it seems this can ONLY belong to a system)

6. explorer.exe (I chose correctly as a process running under that user)

Please help choose the last one.


Solution

  • smss.exe and winlogon.exe will never run as anything other than SYSTEM unless there is a virus on the machine. svchost.exe will not normally run as a normal user but it could in theory if a service is configured that way.

    So yes, it is most likely that logon.scr (a screen saver) is the 3rd user process.
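
The ownership rule from the answer can be turned into a check over a saved process listing. The following is an added example, not part of the original answer: it assumes the listing was captured with `tasklist /V /FO CSV`, and the PIDs and the `LAB-XP\student` account in the sample are constructed.

```python
import csv
import io

# Images the answer says run only as SYSTEM on a clean machine.
SYSTEM_ONLY = {"smss.exe", "winlogon.exe"}
# svchost.exe normally runs under a service account, but a service can be configured otherwise.
USUALLY_SERVICE = {"svchost.exe"}
SERVICE_ACCOUNTS = {"SYSTEM", "LOCAL SERVICE", "NETWORK SERVICE"}

# Constructed sample in the column layout of `tasklist /V /FO CSV`; the last two rows are anomalies.
SAMPLE = r'''"Image Name","PID","Session Name","Session#","Mem Usage","Status","User Name","CPU Time","Window Title"
"smss.exe","540","Console","0","388 K","Running","NT AUTHORITY\SYSTEM","0:00:00","N/A"
"winlogon.exe","620","Console","0","4,512 K","Running","NT AUTHORITY\SYSTEM","0:00:01","N/A"
"svchost.exe","860","Console","0","4,820 K","Running","NT AUTHORITY\SYSTEM","0:00:00","N/A"
"svchost.exe","1040","Console","0","3,104 K","Running","NT AUTHORITY\NETWORK SERVICE","0:00:00","N/A"
"explorer.exe","1500","Console","0","18,220 K","Running","LAB-XP\student","0:00:03","N/A"
"msmsgs.exe","1620","Console","0","2,204 K","Running","LAB-XP\student","0:00:00","N/A"
"logon.scr","1710","Console","0","1,816 K","Running","LAB-XP\student","0:00:00","N/A"
"winlogon.exe","1888","Console","0","2,040 K","Running","LAB-XP\student","0:00:00","N/A"
"svchost.exe","1932","Console","0","2,960 K","Running","LAB-XP\student","0:00:00","N/A"
'''

def account(user_name):
    # Drop the domain or machine prefix and normalise case.
    return user_name.rsplit("\\", 1)[-1].upper()

def review(tasklist_csv):
    """Return (per_user, findings): images grouped by owner, plus ownership anomalies."""
    per_user, findings = {}, []
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        image, owner = row["Image Name"].lower(), row["User Name"]
        per_user.setdefault(owner, []).append(image)
        acct = account(owner)
        if image in SYSTEM_ONLY and acct != "SYSTEM":
            findings.append(("investigate", image, row["PID"], owner))
        elif image in USUALLY_SERVICE and acct not in SERVICE_ACCOUNTS:
            findings.append(("check service config", image, row["PID"], owner))
    return per_user, findings

if __name__ == "__main__":
    per_user, findings = review(SAMPLE)
    for owner, images in per_user.items():
        print(owner, "->", ", ".join(images))
    print("Anomalies:")
    for finding in findings:
        print("  ", *finding)
```
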