Description of the Dr. Watson for Windows
Dr. Watson for Windows is a program error debugger that gathers information about your computer when an error (or user-mode fault) occurs with a program. Technical support groups can use the information that Dr. Watson obtains and logs to diagnose a program error. When an error is detected, Dr. Watson creates a text file (Drwtsn32.log) that can be delivered to support personnel by the method they prefer. You also have the option of creating a crash dump file, which is a binary file that a programmer can load into a debugger...
If you don't know what a process is or you come across a suspicious file, search the name using Google, BC's File Database
, File Research Center
or the Process ID Database
. Also see How to determine what services are running under a SVCHOST.EXE process
Determining whether a file is malware or a legitimate process sometimes depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file. However, it then places itself in a different location on your computer. A file's properties may give a clue to identifying it. Right-click
on the file, Properties
and examine the General and Version tabs.
You can download and use Process Explorer
or Glarysoft Process Manager
to investigate all running processes and gather additional information to identify and resolve problems. These tools will show the process CPU usage, a description and its path location
. If you right-click on the file in question and select properties, you will see more details about the file.
The Process Explorer window shows two panes by default: the upper pane
is always a process list and the bottom pane
either shows the list of DLLs loaded into the process selected in the upper pane, or the list of operating system resource handles (files, Registry keys, synchronization objects) the process has open. In the menu at the top select View > Lower Pane View to change between DLLs and Handles.
If you have XP Pro, you can use Tasklist
to display a list of active processes.
Go to Start > Run and type: cmd
At the command prompt type: tasklist /svc >c:\taskList.txt
Go to Start > Run and type: C:\taskList.txt
press Ok to view the list of processes
The /SVC switch shows the list of active services in each process. For help and syntax information, type the following command, and then press ENTER:tasklist /? or see: Syntax options
You can also use the WMI command-line utility
to view and list processes.
Go to Start > Run and type: cmd
At the command prompt type:WMIC /OUTPUT:C:\ProcessList.txt PROCESS get Caption,Commandline,Processid
You can also use (type):WMIC /OUTPUT:C:\ProcessList.txt path win32_process get Caption,Processid,Commandline
Go to Start > Run and type: C:\ProcessList.txt
press Ok to view the details of all the processes.
Anytime you come across a suspicious file which you cannot find any information, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to jotti's virusscan
. In the "File to upload & scan
" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.
Post back with the results of the file analysis.
Have your tried running your scans in "Safe Mode
"? If not, do so. Then perform any Online Virus Scans
However, the easier thing to try first is to use System Restore
or System Restore from a command prompt
in "Safe Mode
" to return to a previous state before your problems began?