Process Watch options
[Previous] [Main] [Next]


Using ProcessWatch

Ad-aware 6.0 Professional Edition comes with the ProcWatch process-browser.
It allows browsing, scanning and terminating of running processes, as well as using installed extensions on a running process.
The window features the following display:



snap.jpg



The above example shows the process list after using the "Examine" feature.
Recognized processes are highlighted red.Right-click within a list to open the related menu.
If you desire to unload a process, select it and either click the "terminate" button or use the related menu option.
Use the extensions to further examine the process and obtain more information about the executable.

Keyboard shortcuts\functions

Cursor up\down = Navigate through the lists  
F5 = Refresh (Updates the entire list)  
CTRL + N = Jump to next recognized target  
CTRL + P = Jump to previous recognized target  
CTRL + T = Terminate currently selected process  
Process snapshot window

·"Name" - The window title.If the visibility filter is set, windows without a title and not matching a certain windows class will not be listed.  
·"HWND" - This is the handle assigned by Windows to the selected process.  
·"ClassName" - This is the window class name.  
·"Process ID" - Is the unique identifier for the process.  
·"Thread ID" - Is the unique identifier for the main thread of the process.  
·"FileName" - Is the path and file name information of the executable file.  
·"Threads" - Number of threads created by the selected process.  
·"Parent" - The parent process of the selected process.  
·"Priority" - This is the (base) priority of threads created by this process.  

Module snapshot window

·"Module" - File name of the module.  
·"Path" - Full path and file name of the module.  
·"ModuleID" - Module identifier in the context of the owning process.  
·"Used #" - Module usage count in the context of the owning process.  
·"SysUse #" - Global usage count on the module  
·"Base" - Base address of the module relative to the owning process.  
Process-browser buttons (From right to left)

"Filter Visible Windows" - This will activate/deactivate windows filtering. If you wish to view all open processes, turn this feature off.  
"Refresh" - This will refresh the information in the process window.  
"Examine all" - This will cause Ad-aware to scan all the processes listed in the process snapshot window.  
"Terminate" - This will terminate the selected process or module.  

Note: Do not terminate Explorer.This will shut down the shell, and any open explorer window.



Process-browser popup menu

"Examine all" - (Processlist) This will scan the executable files for all processes (Note, using this function deactivates the filtering)  
"Examine Modules" - (Modulelist) This will scan all modules used by the process selected in the process-list  
"Extensions" - (Both) This will allow access to the installed extensions for further analysis of the selected process or module.  
"Show Properties in explorer" - (Both) This will display the Windows properties for the selected process or module.  
"Open folder in explorer" - (Both) This will open the folder that contains the file spawning the selected process or the selected module.  
"Refresh" - (Both) This will perform the same function as the main window button described above.  
"Export HTML report" - (Both) This will export a report of either the processes listed in the process snap shot window (if selected from that window) or the modules listed in the module snapshot window.  
"Export as text document" - (Both) This is the same as the previous report except it will be saved in text format.  
"Print report" - (Both) this will send the report to your printer for the creation of a hard copy.  
"Help" - (Both) This will open the Ad-aware help manual.