Process Explorer question
JRCATES
August 30th, 2006, 12:33 PM
I just downloaded Sysinternals Process Explorer to try out. Seems like a nice program, providing lots of info....but I'm not sure how to read some of it.
For example, when different processes are highlighted in different colors, what does that mean? I've seen orange (yellow in the Services section?), green, and even a purple (red in the Explorer.exe blue section?)...and I've looked through their Help file but couldn't find any description that matches the color coding. Can somebody please clue me in here?
Thanks
WSFuser
August 30th, 2006, 12:39 PM
U can see what the colors are for in Options > Configure highlighting... u can also disable or change the colors.
JRCATES
August 30th, 2006, 01:52 PM
Doh! :ouch: Thanks for the help there, Fuser.
OK, so I have a software program which is designated in purple by PE. The color coded designation for purple is "Packed Images". When I search through the Help file for Packed Images, it says the following: "malware, including viruses, spyware, and adware is often stored in a packed encrypted form on disk in order to attempt to hide the code it contains from antispyware and antivirus."
This program being highlighted is a program that I have a subscription for that is due to expire in a few weeks. Just recently, it has begun throwing up a nag screen about renewing and expiration....blah, blah, blah.. Could this "nag screen" about renewing be the "packed image" it is referring to?
WSFuser
August 30th, 2006, 03:41 PM
No, that is not what packed images refers to; maybe this will clear things up for you:
-{ Quote: "Sometimes executable files are packed, for various reasons, such as reducing their size and obscuring the contents of the file (for both benign purposes such as protecting an executable from the simplest of reverse engineering attempts and malicious purposes such as changing the file so it evades signature detection by anti-malware apps). This isn't the same as archive packing (formats like zip, rar and so on). When a packed executable file is executed, the file is unpacked into memory. When Process Explorer speaks of packed images, this is what it means. It's good to know what is packed and what isn't, since malware is often packed to avoid signature detection, but not everything that's packed is malware. For example, many open source programs like Gaim and GIMP are also packed.
Own processes are processes running as the currently logged in user (or more precisely, the user that's running Process Explorer). For example, if you have a user account and an admin account, and are logged in as the user, your own processes are those that are running as user, with the same privileges and restrictions you have. Own processes can also be packed." }-
source: Packed images? (http://forum.sysinternals.com/forum_posts.asp?TID=442) (Sysinternals Forums)
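A defender-side illustration of the "packed image" idea in the quote above, added here and not part of the thread or of Process Explorer itself: compressed or encrypted section contents have near-maximal byte entropy, while ordinary machine code and data tables sit well below it, so per-section entropy plus well-known packer section names gives a rough "packed?" verdict. The exact heuristic Process Explorer uses is not described on this page; the threshold, the packer-name list and the sample "sections" below are all constructed assumptions.

```python
import hashlib
import math
from collections import Counter
from typing import Dict

# Section names commonly left behind by packers (constructed example list;
# a hint only, never proof by itself).
PACKER_SECTION_NAMES = {"UPX0", "UPX1", ".aspack", ".petite", ".themida"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for one repeated value, up to 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def packing_verdict(sections: Dict[str, bytes], threshold: float = 7.0) -> dict:
    """Score a mapping of section name -> raw section bytes.
    Sections at or above `threshold` bits/byte look compressed or encrypted,
    i.e. the on-disk form is not the code that will run after unpacking."""
    per_section = {name: round(shannon_entropy(b), 3) for name, b in sections.items()}
    high = sorted(n for n, e in per_section.items() if e >= threshold)
    named = sorted(n for n in sections if n in PACKER_SECTION_NAMES)
    return {
        "entropy": per_section,
        "high_entropy_sections": high,
        "packer_named_sections": named,
        "likely_packed": bool(high or named),
    }

def pseudo_random_bytes(n: int, seed: bytes = b"example") -> bytes:
    """Deterministic stand-in for a compressed/encrypted payload (constructed)."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])

# Constructed sample "sections": repetitive x86-like code vs. a packed blob.
NORMAL_TEXT = b"\x55\x8b\xec\x83\xec\x10\x90\xc3" * 512   # ~2.75 bits/byte
PACKED_BLOB = pseudo_random_bytes(4096)                  # ~7.95 bits/byte

if __name__ == "__main__":
    print(packing_verdict({".text": NORMAL_TEXT, ".rdata": b"\x00" * 1024}))
    print(packing_verdict({"UPX0": b"\x00" * 1024, "UPX1": PACKED_BLOB}))
```

As the quote says, a "packed" verdict means only that the on-disk bytes are not the code that runs; legitimate installers and protectors trip the same heuristic, so it is a reason to look closer, not a malware finding.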
JRCATES
August 30th, 2006, 05:50 PM
Great....so "some legit software does it, as well as some forms of malware". ::) Since it's Spyware Doctor I'm referring to, I'll assume that it's not malware. I am curious why it would be using this technique, though, and what the purpose and/or benefit of it would be.....
WSFuser
August 30th, 2006, 06:20 PM
First sentence in the quote. U have to ask PC Tools tho, if u want to know the exact reason.
Copyright ©2002 - 2013, Wilders Security Forums