Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Dr. Watson: Task Manager shows several entrties. Why?


  • Please log in to reply
5 replies to this topic

#1 spc3rd

spc3rd

  • Members
  • 292 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Mid-Atlantic region (USA)
  • Local time:10:38 PM

Posted 11 August 2012 - 07:16 AM

Good morning everyone,

I was just looking at my Task Manager, and noticed in the list of processes shown, there are something like 6 or 7 entries of "drwtsn32.exe" (or something similar) shown as running. Can someone explain to me why this is occurring and what I can do to resolve this issue?

I do not believe this "Dr. Watson" program (although it is legitimate) should be even showing up in my Task Manager...much less 6 or 7 times. I don't recall having even activated this program.

*What caused me to check Task Manager was I seemed to notice my system taking just a little too long to perform certain simple, routine things, such as, bringing up the password entry box so I can disable the File/Folder Lock feature I have within my AV program. (System specs shown in signature line).

Scans with my AV, MBAM Pro & SAS are clean.

* UPDATE: I HAVE GONE AHEAD AND ENDED EACH OF THE "DR. WATSON" PROCESSES PREVIOUSLY MENTIONED & REBOOTED MY COMPUTER. THIS SEEMS TO HAVE REMEDIED THE ISSUE I INITIALLY REPORTED *

Thank you for your time and review of my post!

Edited by hamluis, 11 August 2012 - 12:12 PM.
Moved to Am I Infected from XP - Hamluis.

spc3rd

Dell Optiplex 755 Desktop | Win 7 Pro, SP 1, 64-bit | Intel Core 2 Duo, 3.00 gHz CPU | 8 GB RAM | 400 GB Seagate SATA HDD | Outpost Security Suite Pro | MBAM Premium 2.0 | Spywareblaster | SAS (on-demand) | Blocklist Pro | IE 11 & FF w/ NoScript | Disconnect | Adblock Plus | Flagfox


BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,896 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:38 PM

Posted 11 August 2012 - 08:44 AM

If Dr. Watson is running...it probably indicates some problem with your system, IMO.

Please download MiniToolBox , save it to your desktop and run it.

Checkmark the following checkboxes:
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.

Click Go and paste the content into your next post.

Also...please Publish a Snapshot using Speccy - http://www.bleepingcomputer.com/forums/topic323892.html/page__p__1797792#entry1797792 .

Louis

#3 spc3rd

spc3rd
  • Topic Starter

  • Members
  • 292 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Mid-Atlantic region (USA)
  • Local time:10:38 PM

Posted 11 August 2012 - 09:18 AM

Hi Louis & thanks very much for your help with this issue,

Here is the result of the MiniToolBox scan. The SPECCY snapshot link follows.

* NOTE: In the instances where errors are indicated involving Stamps.com (ipostage)...when these occurred, I kept having to do a <CTRL>, <ALT>, <DEL> just to exit out of the program & get back to the Task Manager to end the process beause of a particular problem I was encountering with the program. I subsequently contacted Stamps.com support and the issue was corrected...(at least I haven't had any further problem with the program).

Stamps.com tech support resolved the problem by having me run REGEDIT, then delete two specific Stamps.com registry keys (or values - - not sure just which).

MiniToolBox by Farbar Version: 23-07-2012
Ran by Administratorpete (administrator) on 11-08-2012 at 10:11:33
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/11/2012 10:10:27 AM) (Source: Ci) (User: )
Description: Content index on c:\system volume information\catalog.wci could not be initialized. Error 3221225477.

Error: (08/11/2012 10:10:27 AM) (Source: Ci) (User: )
Description: Content index on c:\system volume information\catalog.wci could not be initialized. Error 3221225477.

Error: (08/11/2012 08:44:36 AM) (Source: Ci) (User: )
Description: Content index on c:\system volume information\catalog.wci could not be initialized. Error 3221225477.

Error: (08/11/2012 08:44:36 AM) (Source: Ci) (User: )
Description: Content index on c:\system volume information\catalog.wci could not be initialized. Error 3221225477.

Error: (08/10/2012 07:56:07 PM) (Source: Application Hang) (User: )
Description: Fault bucket -1249843584.

Error: (08/10/2012 07:56:04 PM) (Source: Application Hang) (User: )
Description: Hanging application ipostage.exe, version 9.6.1.2323, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/10/2012 07:55:05 PM) (Source: Application Error) (User: )
Description: Fault bucket -1245020688.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (08/10/2012 07:55:02 PM) (Source: Application Error) (User: )
Description: Faulting application ipostage.exe, version 9.6.1.2323, faulting module msvcr80.dll, version 8.0.50727.6195, fault address 0x000046b4.
Processing media-specific event for [ipostage.exe!ws!]

Error: (08/10/2012 07:50:23 PM) (Source: Application Hang) (User: )
Description: Fault bucket -1249843584.

Error: (08/10/2012 07:50:19 PM) (Source: Application Hang) (User: )
Description: Hanging application ipostage.exe, version 9.6.1.2323, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (08/11/2012 10:03:15 AM) (Source: Service Control Manager) (User: )
Description: The NEWDRIVER service failed to start due to the following error:
%%2

Error: (08/11/2012 10:03:15 AM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%3

Error: (08/11/2012 08:37:30 AM) (Source: Service Control Manager) (User: )
Description: The NEWDRIVER service failed to start due to the following error:
%%2

Error: (08/11/2012 08:37:30 AM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%3

Error: (08/10/2012 07:38:34 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Type with the following error:
%%5

Error: (08/07/2012 09:57:12 PM) (Source: Service Control Manager) (User: )
Description: The NEWDRIVER service failed to start due to the following error:
%%2

Error: (08/07/2012 09:57:12 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%3

Error: (08/07/2012 04:19:48 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Type with the following error:
%%5

Error: (08/07/2012 01:18:26 PM) (Source: Service Control Manager) (User: )
Description: The NEWDRIVER service failed to start due to the following error:
%%2

Error: (08/07/2012 01:18:26 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%3


Microsoft Office Sessions:
=========================
Error: (08/11/2012 10:10:27 AM) (Source: Ci)(User: )
Description: c:\system volume information\catalog.wci3221225477

Error: (08/11/2012 10:10:27 AM) (Source: Ci)(User: )
Description: c:\system volume information\catalog.wci3221225477

Error: (08/11/2012 08:44:36 AM) (Source: Ci)(User: )
Description: c:\system volume information\catalog.wci3221225477

Error: (08/11/2012 08:44:36 AM) (Source: Ci)(User: )
Description: c:\system volume information\catalog.wci3221225477

Error: (08/10/2012 07:56:07 PM) (Source: Application Hang)(User: )
Description: -1249843584

Error: (08/10/2012 07:56:04 PM) (Source: Application Hang)(User: )
Description: ipostage.exe9.6.1.2323hungapp0.0.0.000000000

Error: (08/10/2012 07:55:05 PM) (Source: Application Error)(User: )
Description: -1245020688

Error: (08/10/2012 07:55:02 PM) (Source: Application Error)(User: )
Description: ipostage.exe9.6.1.2323msvcr80.dll8.0.50727.6195000046b4

Error: (08/10/2012 07:50:23 PM) (Source: Application Hang)(User: )
Description: -1249843584

Error: (08/10/2012 07:50:19 PM) (Source: Application Hang)(User: )
Description: ipostage.exe9.6.1.2323hungapp0.0.0.000000000


=========================== Installed Programs ============================

7-Zip 9.20
ABBYY FineReader 6.0 Sprint (Version: 6.00.2146.41621)
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)
Adobe Flash Player 11 Plugin (Version: 11.3.300.268)
Adobe Reader X (10.0.1) (Version: 10.0.1)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
avast! EasyPass (Version: 7-6-3)
Battleship
Big Fish Games: Game Manager (Version: 3.0.1.60)
Bonjour (Version: 3.0.0.10)
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon MP Navigator EX 4.0
Canon MP280 series MP Drivers
Canon MP280 series User Registration
Canon MP495 series MP Drivers
Canon MP495 series User Registration
Canon My Printer
Canon Solution Menu EX
CCleaner (Version: 3.21)
Chessmaster Challenge
Deer Drive Free Trial
Defraggler (Version: 2.10)
Dell Toolbar (Version: 1.8.12.0)
Dig Dug
Digger Adventures
Google Update Helper (Version: 1.3.21.111)
Intel® 537EP V9x DF PCI Modem
Intel® Extreme Graphics 2 Driver (Version: 6.14.10.4396)
Intel® PRO Network Adapters and Drivers
iTunes (Version: 10.6.3.25)
Jasc Paint Shop Photo Album (Version: 4.0.4)
Jasc Paint Shop Pro 8 Dell Edition (Version: 8.10.0000)
Java Auto Updater (Version: 2.1.6.0)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
McAfee SiteAdvisor (Version: 3.5.227)
McAfee Virtual Technician (Version: 5.5.2.0)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Antimalware (Version: 2.1.6805.0)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Baseline Security Analyzer 2.2 (Version: 2.2.2170)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Easy Assist v2 (Version: 8.1.6416.0)
Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSN
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Outpost Security Suite Pro 7.5.3 (Version: 7.5.3)
POP Peeper
QuickTime (Version: 7.72.80.56)
Recuva (Version: 1.42)
SoundMAX (Version: 5.12.01.5246)
Speccy (Version: 1.17)
SpywareBlaster 4.6 (Version: 4.6.0)
Stamps.com
Stamps.com (Version: 9.6.1.2323)
Stamps.com Application Support for Microsoft Word 2000-2010 (Version: 8.7.0.1506)
Stamps.com support for Microsoft Word 2000-2010
SUPERAntiSpyware (Version: 5.0.1150)
System Requirements Lab for Intel (Version: 4.4.24.0)
The Weather Channel App
The Weather Channel Toolbar
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB982632) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Installer Clean Up (Version: 3.00.00.0000)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR 4.11 (32-bit) (Version: 4.11.0)
Word Challenge Extreme
WOT for Internet Explorer (Version: 10.12.20.0)

========================= Memory info: ===================================

Percentage of memory in use: 36%
Total physical RAM: 2045.98 MB
Available physical RAM: 1304.38 MB
Total Pagefile: 3940.73 MB
Available Pagefile: 3204.69 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.95 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:37.24 GB) (Free:20.54 GB) NTFS

========================= Users: ========================================

User accounts for \\DELL-4F14C780CA

Administrator B Administratorpete ASPNET
Guest HelpAssistant SUPPORT_388945a0


**** End of log ****


http://speccy.piriform.com/results/rS1E0eV3LTYCxjqDx02XFTY

Edited by spc3rd, 11 August 2012 - 09:47 AM.

spc3rd

Dell Optiplex 755 Desktop | Win 7 Pro, SP 1, 64-bit | Intel Core 2 Duo, 3.00 gHz CPU | 8 GB RAM | 400 GB Seagate SATA HDD | Outpost Security Suite Pro | MBAM Premium 2.0 | Spywareblaster | SAS (on-demand) | Blocklist Pro | IE 11 & FF w/ NoScript | Disconnect | Adblock Plus | Flagfox


#4 hamluis

hamluis

    Moderator


  • Moderator
  • 55,896 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:38 PM

Posted 11 August 2012 - 12:12 PM

Indexing error code: 3221225477 - 0xc0000005 = STATUS_ACCESS_VIOLATION - From newsgroups postings, this is an memory access violation error.

This could be a number of things...I would just turn off indexing function.

http://support.microsoft.com/kb/899869

All references I find for "newdriver service" point to malware topics, driver is not Windows service.

ScRegSetValueExW call failed for Type...can be caused by various things, error meaning is that something tried to access a section of the registry it's not allowed to.

Since I have no clue to the newdriver service mentioned, I will move thisi topic to the Am I Infected forum for a look by the more knowledgeable.

Louis

#5 spc3rd

spc3rd
  • Topic Starter

  • Members
  • 292 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Mid-Atlantic region (USA)
  • Local time:10:38 PM

Posted 11 August 2012 - 02:20 PM

One additional notation here regarding the issue concerning NEWDRIVER. (Don't know if it is of any significance or not).

When I ran the Process Explorer application, clicked on the DRIVERS tab, I see the following information:

NEWDRIVER File not found: C:\WINDOWS\system32\WinVDEdrv6.sys.

I have also turned off the INDEXING SERVICE as Louis recommended.

Regards & thanks for any assistance.,

spc3rd

Dell Optiplex 755 Desktop | Win 7 Pro, SP 1, 64-bit | Intel Core 2 Duo, 3.00 gHz CPU | 8 GB RAM | 400 GB Seagate SATA HDD | Outpost Security Suite Pro | MBAM Premium 2.0 | Spywareblaster | SAS (on-demand) | Blocklist Pro | IE 11 & FF w/ NoScript | Disconnect | Adblock Plus | Flagfox


#6 spc3rd

spc3rd
  • Topic Starter

  • Members
  • 292 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Mid-Atlantic region (USA)
  • Local time:10:38 PM

Posted 13 August 2012 - 08:18 AM

Just a correction to my last post. The actual program I ran was, Autoruns.exe - NOT Process Explorer as I originally stated.

Regards,

spc3rd

Dell Optiplex 755 Desktop | Win 7 Pro, SP 1, 64-bit | Intel Core 2 Duo, 3.00 gHz CPU | 8 GB RAM | 400 GB Seagate SATA HDD | Outpost Security Suite Pro | MBAM Premium 2.0 | Spywareblaster | SAS (on-demand) | Blocklist Pro | IE 11 & FF w/ NoScript | Disconnect | Adblock Plus | Flagfox





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users