| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 106769 | 2010-01-22 04:30:00 | Strange problem with pc time | Alank (10156) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 850876 | 2010-01-22 04:30:00 | Hi everyone For about the last 2 weeks or so, for some reason the computer time always resets to 1st Dec 2001 1PM after Windows desktop appears . At first I thought it was the CMOS battery that needed changing but the problem still remains after getting the new battery . As a first test, I set the correct time in the BIOS and then powered the computer off . Turned on again several hours later, checked BIOS and the correct time was still there . When the desktop loads the correct date and time is there but it then changes back to 01/12/01 before everything has finished loading . After doing that, and checking the BIOS, the system date and time has also changed back to 01/12/01 also . I've ran several virus, trojan and malware scanners but nothing found and there is nothing unusual showing up in task manager . Then I ran Hijackthis and here is the log: ogfile of HijackThis v1 . 99 . 1 Scan saved at 2:30:16 p . m . , on 22/01/2010 Platform: Windows XP SP2 (WinNT 5 . 01 . 2600) MSIE: Internet Explorer v6 . 00 SP2 (6 . 00 . 2900 . 2180) Running processes: G:\WINDOWS\System32\smss . exe G:\WINDOWS\system32\csrss . exe G:\WINDOWS\system32\winlogon . exe G:\WINDOWS\system32\services . exe G:\WINDOWS\system32\lsass . exe G:\WINDOWS\system32\svchost . exe G:\WINDOWS\system32\svchost . exe G:\WINDOWS\System32\svchost . exe G:\WINDOWS\system32\svchost . exe G:\WINDOWS\system32\svchost . exe G:\WINDOWS\system32\svchost . exe G:\Program Files\Common Files\Symantec Shared\ccSvcHst . exe G:\Program Files\Citrix\ICA Client\ssonsvr . exe G:\WINDOWS\system32\spoolsv . exe G:\WINDOWS\system32\svchost . exe G:\WINDOWS\Explorer . EXE G:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc . exe G:\Program Files\Java\jre6\bin\jqs . exe G:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT . EXE G:\WINDOWS\system32\nvsvc32 . exe G:\Program Files\Program Protector\ProtectorService . exe G:\Program Files\NetComm\Common\RegistryWriter . exe G:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB . EXE G:\WINDOWS\system32\svchost . exe G:\Program Files\Java\jre6\bin\jusched . exe G:\windows\ffpext\ffpsrv . exe G:\Program Files\Common Files\Symantec Shared\ccSvcHst . exe G:\PROGRA~1\FULLCO~1\fc . exe G:\WINDOWS\system32\ctfmon . exe G:\Program Files\Spybot - Search & Destroy\TeaTimer . exe G:\Program Files\Pop up Blocker Pro\pdie . exe G:\WINDOWS\system32\wuauclt . exe G:\Program Files\NetComm\Common\RaUI . exe F:\Apps\scthemes\scthemes . exe G:\WINDOWS\system32\wbem\wmiprvse . exe G:\WINDOWS\System32\alg . exe G:\PROGRA~1\FULLCO~1\bds2 . exe G:\Program Files\Java\jre6\bin\jucheck . exe E:\My Documents 2\HijackThis . exe G:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc . exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = . google . co . nz/advanced_search?hl=en" target="_blank">www . google . co . nz R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=localhost:1094 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = ;cgi* . ebay . com;disney . go . com;msa_e1 . ebay . com;rhaps ody_app* . listen . com;wamcsg . wastemanagement . co . nz;w ww . nzherald . co . nz;<local> N3 - Netscape 7: user_pref("browser . startup . homepage", " . netscape . com/"" target="_blank">www . netscape . com); (G:\Documents and Settings\Alan\Application Data\Mozilla\Profiles\default\zook8chs . slt\prefs . j s) N3 - Netscape 7: user_pref("browser . search . defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csea rchplugins%5CSBWeb_01 . src"); (G:\Documents and Settings\Alan\Application Data\Mozilla\Profiles\default\zook8chs . slt\prefs . j s) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Apps\Acrobat 7\ActiveX\AcroIEHelper . dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper . dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - G:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO . dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre6\bin\ssv . dll O2 - BHO: (no name) - {8A63D6DC-14E6-4DDE-9968-E9F6A5D9A4C9} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin . dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Apps\Acrobat 7\Acrobat\AcroIEFavClient . dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files\Java\jre6\bin\jp2ssv . dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - G:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin . dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Apps\Acrobat 7\Acrobat\AcroIEFavClient . dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: AdSubtract Toolbar - {F14AABDD-0232-4e5a-9B52-4178AC0A62B5} - G:\WINDOWS\system32\adsubtb . dll O4 - HKLM\ . . \Run: [NvCplDaemon] RUNDLL32 . EXE G:\WINDOWS\system32\NvCpl . dll,NvStartup O4 - HKLM\ . . \Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre6\bin\jusched . exe" O4 - HKLM\ . . \Run: [FFPSRV] g:\windows\ffpext\ffpsrv . exe O4 - HKLM\ . . \Run: [ccApp] "G:\Program Files\Common Files\Symantec Shared\ccApp . exe" O4 - HKLM\ . . \Run: [NSWosCheck] "G:\Program Files\Norton SystemWorks Premier\osCheck . exe" O4 - HKLM\ . . \Run: [osCheck] "G:\Program Files\Norton AntiVirus\osCheck . exe" O4 - HKLM\ . . \Run: [FullCtl] G:\PROGRA~1\FULLCO~1\fc . exe /startup O4 - HKCU\ . . \Run: [ctfmon . exe] G:\WINDOWS\system32\ctfmon . exe O4 - HKCU\ . . \Run: [SpybotSD TeaTimer] G:\Program Files\Spybot - Search & Destroy\TeaTimer . exe O4 - HKCU\ . . \Run: [Pop up Blocker Pro] "G:\Program Files\Pop up Blocker Pro\pdie . exe" Minimize O4 - Startup: AdSubtract . lnk = C:\Program Files\interMute\AdSubtract\AdSub . exe O4 - Startup: ScreenThemes . lnk = F:\Apps\scthemes\scthemes . exe O4 - Global Startup: NetComm Wireless Utility . lnk = G:\Program Files\NetComm\Common\RaUI . exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present O8 - Extra context menu item: AdSubtract: Bypass Site - res://C:\Program Files\interMute\AdSubtract\AdSub . exe/360 O8 - Extra context menu item: AdSubtract: Cloak Image - res://C:\Program Files\interMute\AdSubtract\AdSub . exe/361 O8 - Extra context menu item: AdSubtract: Report Site - res://C:\Program Files\interMute\AdSubtract\AdSub . exe/359 O8 - Extra context menu item: Convert link target to Adobe PDF - res://F:\Apps\Acrobat 7\Acrobat\AcroIEFavClient . dll/AcroIECapture . html O8 - Extra context menu item: Convert link target to existing PDF - res://F:\Apps\Acrobat 7\Acrobat\AcroIEFavClient . dll/AcroIEAppend . html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://F:\Apps\Acrobat 7\Acrobat\AcroIEFavClient . dll/AcroIECaptureSelLinks . html O8 - Extra context menu item: Convert selected links to existing PDF - res://F:\Apps\Acrobat 7\Acrobat\AcroIEFavClient . dll/AcroIEAppendSelLinks . html O8 - Extra context menu item: Convert selection to Adobe PDF - res://F:\Apps\Acrobat 7\Acrobat\AcroIEFavClient . dll/AcroIECapture . html O8 - Extra context menu item: Convert selection to existing PDF - res://F:\Apps\Acrobat 7\Acrobat\AcroIEFavClient . dll/AcroIEAppend . html O8 - Extra context menu item: Convert to Adobe PDF - res://F:\Apps\Acrobat 7\Acrobat\AcroIEFavClient . dll/AcroIECapture . html O8 - Extra context menu item: Convert to existing PDF - res://F:\Apps\Acrobat 7\Acrobat\AcroIEFavClient . dll/AcroIEAppend . html O8 - Extra context menu item: Download with GetRight - G:\Program Files\GetRight\GRdownload . htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL . EXE/3000 O8 - Extra context menu item: Open with GetRight Browser - G:\Program Files\GetRight\GRbrowse . htm O9 - Extra button: Pop up Blocker Pro - {28D0B6F2-3803-451C-BDB9-1CACEA150C72} - G:\Program Files\Pop up Blocker Pro\pdie . exe O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - G:\Program Files\Norton SystemWorks Premier\Norton Cleanup\WCQuick . lnk O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - G:\Program Files\Norton SystemWorks Premier\Norton Cleanup\WCQuick . lnk O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR . DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper . dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper . dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs . exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs . exe O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - . symantec . com/techsupp/asa/ctrl/tgctlsi . cab" target="_blank">www . symantec . com O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - . symantec . com/techsupp/asa/ctrl/tgctlsr . cab" target="_blank">www . symantec . com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - . microsoft . com/fwlink/?linkid=39204" target="_blank">go . microsoft . com O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - . symantec . com/techsupp/asa/ctrl/LSSupCtl . cab" target="_blank">www . symantec . com O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - . symantec . com/techsupp/asa/ss/sa/sa_cabs/tgctlsr . cab" target="_blank">www-secure . symantec . com O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - . symantec . com/techsupp/asa/ctrl/SymAData . cab" target="_blank">www . symantec . com O17 - HKLM\System\CCS\Services\Tcpip\ . . \{56375E7C-4071-46A2-B2A2-3687CEE80358}: NameServer = 10 . 1 . 1 . 1 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = redshift10000 . com O17 - HKLM\System\CS3\Services\Tcpip\ . . \{56375E7C-4071-46A2-B2A2-3687CEE80358}: NameServer = 10 . 1 . 1 . 1 O17 - HKLM\System\CS4\Services\Tcpip\ . . \{56375E7C-4071-46A2-B2A2-3687CEE80358}: NameServer = 10 . 1 . 1 . 1 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1 . DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1 . DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - G:\WINDOWS\system32\WPDShServiceObj . dll O23 - Service: Adobe LM Service - Adobe Systems - G:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc . exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - G:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc . exe O23 - Service: bardon12 - Unknown owner - G:\Program Files\Full Control 2\bardon11 . exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - G:\Program Files\Common Files\Symantec Shared\ccSvcHst . exe" /h ccCommon (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - G:\Program Files\Common Files\Symantec Shared\ccSvcHst . exe" /h ccCommon (file missing) O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - G:\Program Files\Common Files\Symantec Shared\ccSvcHst . exe" /h ccCommon (file missing) O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - G:\Program Files\Java\jre6\bin\jqs . exe" -service -config "G:\Program Files\Java\jre6\lib\deploy\jqs\jqs . conf (file missing) O23 - Service: LiveUpdate - Symantec Corporation - G:\Program Files\Symantec\LiveUpdate\LuComServer_3_4 . EXE O23 - Service: LiveUpdate Notice - Unknown owner - G:\Program Files\Common Files\Symantec Shared\ccSvcHst . exe" /h ccCommon (file missing) O23 - Service: Net Monitor for Employees Agent (NMEmployeesAgent) - Unknown owner - G:\Program Files\Network LookOut\NME Professional\bin\NLSAgentSvc . exe (file missing) O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - G:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT . EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32 . exe O23 - Service: Program Protector System Service (ProgramProtectorService) - Unknown owner - G:\Program Files\Program Protector\ProtectorService . exe O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp . - G:\Program Files\NetComm\Common\RegistryWriter . exe O23 - Service: Remote Packet Capture Protocol v . 0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd . exe" -d -f "%ProgramFiles%\WinPcap\rpcapd . ini (file missing) O23 - Service: ServiceLayer - Nokia . - G:\Program Files\PC Connectivity Solution\ServiceLayer . exe O23 - Service: Speed Disk service - Symantec Corporation - G:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB . EXE O23 - Service: Symantec Core LC - Unknown owner - G:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc . exe So I am stumped as what could be the cause . Any help or suggestions much appreciated . Cheers, Alan |
Alank (10156) | ||
| 850877 | 2010-01-22 04:45:00 | Did you install todays update, since it affects IE 6? I would update IE to 7 or 8 You can tick these tick fix checked Close browsers. Did you reconfigure the BIOS settings, after you replaced the battery? I would uninstall Symantec and install something better I would uninstall these. Do you know what they are , and what they do? Are these part of folder protector? G:\Program Files\Program Protector\ProtectorService.exe G:\Program Files\NetComm\Common\RegistryWriter.exe Whats this and this?? G:\PROGRA~1\FULLCO~1\fc.exe G:\PROGRA~1\FULLCO~1\bds2.exe O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: (no name) - {8A63D6DC-14E6-4DDE-9968-E9F6A5D9A4C9} - (no file) O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] G:\Program Files\Spybot - Search & Destroy\TeaTimer.exe Whats this ? O23 - Service: bardon12 - Unknown owner - G:\Program Files\Full Control 2\bardon11.exe |
Speedy Gonzales (78) | ||
| 850878 | 2010-01-22 06:05:00 | Did you install todays update, since it affects IE 6? I would update IE to 7 or 8 You can tick these tick fix checked Close browsers. Did you reconfigure the BIOS settings, after you replaced the battery? I would uninstall Symantec and install something better I would uninstall these. Do you know what they are , and what they do? Are these part of folder protector? G:\Program Files\Program Protector\ProtectorService.exe G:\Program Files\NetComm\Common\RegistryWriter.exe Whats this and this?? G:\PROGRA~1\FULLCO~1\fc.exe G:\PROGRA~1\FULLCO~1\bds2.exe O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: (no name) - {8A63D6DC-14E6-4DDE-9968-E9F6A5D9A4C9} - (no file) O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] G:\Program Files\Spybot - Search & Destroy\TeaTimer.exe Whats this ? O23 - Service: bardon12 - Unknown owner - G:\Program Files\Full Control 2\bardon11.exe Thank you Speedy, most of those you were not sure of are okay and I installed the latest IE update today but an update to at least 7 is long overdue :D Protector service is a program that allows you to password protect any executable while Registrywriter must be software to do with my Netcomm adsl router. Fc, Bds2 and bardon11 are all from another software which locks down the desktop like GPOs. I'll let you know how I get on. Alan |
Alank (10156) | ||
| 850879 | 2010-01-22 06:11:00 | Okie dokie then | Speedy Gonzales (78) | ||
| 850880 | 2010-01-24 02:40:00 | Well, I've tried everything suggested . Updated windows, IE explorer, checked BIOS, ran antivirus and spyware which removed some things and registry repairers but and nothing has worked . I'm still stuck with it continually reverting back to 1/12/2001 1pm as the desktop loads . This also happens when booting via safe mode too . I'm at my wits end :badpc: Apart from reinstalling windows, is there anything else that can be done? Thanks Alan |
Alank (10156) | ||
| 850881 | 2010-01-24 02:45:00 | Is it on the right timezone in windows?? Doesnt sound like it is, if it does the same thing in safe mode | Speedy Gonzales (78) | ||
| 850882 | 2010-01-24 03:12:00 | Are you sure the new CMOS battery is all good? | stormdragon (6013) | ||
| 850883 | 2010-01-24 04:25:00 | Protector service is a program that allows you to password protect any executable while Registrywriter must be software to do with my Netcomm adsl router. Fc, Bds2 and bardon11 are all from another software which locks down the desktop like GPOs. I would suspect one of these. |
fred_fish (15241) | ||
| 850884 | 2010-01-24 10:18:00 | Thanks all but. The computer is in the right time zone - shows as GMT + 12 hours but even if not that does not explain it reverting back to 2001. The cmos battery must be okay as the time only resets while loading the windows desktop. Other changes in the BIOS have also been kept. Those other programs FC and protector have been there long before the clock problem which has only been around for 2 weeks. |
Alank (10156) | ||
| 850885 | 2010-01-24 22:13:00 | have you tried doing a system restore to a date prior to this issue first occuring? | 12steps (14778) | ||
| 1 2 | |||||