Strange problem with pc time



Alank
22-01-2010, 05:30 PM
Hi everyone

For about the last 2 weeks or so, for some reason the computer time always resets to 1st Dec 2001 1PM after Windows desktop appears.

At first I thought it was the CMOS battery that needed changing but the problem still remains after getting the new battery.

As a first test, I set the correct time in the BIOS and then powered the computer off. Turned on again several hours later, checked BIOS and the correct time was still there.

When the desktop loads, the correct date and time are there, but it then changes back to 01/12/01 before everything has finished loading. After doing that, and checking the BIOS, the system date and time have also changed back to 01/12/01.

I've run several virus, trojan and malware scanners but nothing was found and there is nothing unusual showing up in Task Manager.

Then I ran HijackThis and here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 2:30:16 p.m., on 22/01/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\csrss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
G:\Program Files\Citrix\ICA Client\ssonsvr.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
G:\Program Files\Java\jre6\bin\jqs.exe
G:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
G:\WINDOWS\system32\nvsvc32.exe
G:\Program Files\Program Protector\ProtectorService.exe
G:\Program Files\NetComm\Common\RegistryWriter.exe
G:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Java\jre6\bin\jusched.exe
G:\windows\ffpext\ffpsrv.exe
G:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
G:\PROGRA~1\FULLCO~1\fc.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
G:\Program Files\Pop up Blocker Pro\pdie.exe
G:\WINDOWS\system32\wuauclt.exe
G:\Program Files\NetComm\Common\RaUI.exe
F:\Apps\scthemes\scthemes.exe
G:\WINDOWS\system32\wbem\wmiprvse.exe
G:\WINDOWS\System32\alg.exe
G:\PROGRA~1\FULLCO~1\bds2.exe
G:\Program Files\Java\jre6\bin\jucheck.exe
E:\My Documents 2\HijackThis.exe
G:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/advanced_search?hl=en
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1094
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;cgi*.ebay.com;disney.go.com;msa_e1.ebay.com;rhapsody_app*.listen.com;wamcsg.wastemanagement.co.nz;www.nzherald.co.nz;<local>
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.netscape.com/"); (G:\Documents and Settings\Alan\Application Data\Mozilla\Profiles\default\zook8chs.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (G:\Documents and Settings\Alan\Application Data\Mozilla\Profiles\default\zook8chs.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Apps\Acrobat 7\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - G:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {8A63D6DC-14E6-4DDE-9968-E9F6A5D9A4C9} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Apps\Acrobat 7\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - G:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Apps\Acrobat 7\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: AdSubtract Toolbar - {F14AABDD-0232-4e5a-9B52-4178AC0A62B5} - G:\WINDOWS\system32\adsubtb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [FFPSRV] g:\windows\ffpext\ffpsrv.exe
O4 - HKLM\..\Run: [ccApp] "G:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NSWosCheck] "G:\Program Files\Norton SystemWorks Premier\osCheck.exe"
O4 - HKLM\..\Run: [osCheck] "G:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [FullCtl] G:\PROGRA~1\FULLCO~1\fc.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] G:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Pop up Blocker Pro] "G:\Program Files\Pop up Blocker Pro\pdie.exe" Minimize
O4 - Startup: AdSubtract.lnk = C:\Program Files\interMute\AdSubtract\AdSub.exe
O4 - Startup: ScreenThemes.lnk = F:\Apps\scthemes\scthemes.exe
O4 - Global Startup: NetComm Wireless Utility.lnk = G:\Program Files\NetComm\Common\RaUI.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: AdSubtract: Bypass Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/360
O8 - Extra context menu item: AdSubtract: Cloak Image - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/361
O8 - Extra context menu item: AdSubtract: Report Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/359
O8 - Extra context menu item: Convert link target to Adobe PDF - res://F:\Apps\Acrobat 7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://F:\Apps\Acrobat 7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://F:\Apps\Acrobat 7\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://F:\Apps\Acrobat 7\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://F:\Apps\Acrobat 7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://F:\Apps\Acrobat 7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://F:\Apps\Acrobat 7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://F:\Apps\Acrobat 7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download with GetRight - G:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - G:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Pop up Blocker Pro - {28D0B6F2-3803-451C-BDB9-1CACEA150C72} - G:\Program Files\Pop up Blocker Pro\pdie.exe
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - G:\Program Files\Norton SystemWorks Premier\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - G:\Program Files\Norton SystemWorks Premier\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{56375E7C-4071-46A2-B2A2-3687CEE80358}: NameServer = 10.1.1.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = redshift10000.com
O17 - HKLM\System\CS3\Services\Tcpip\..\{56375E7C-4071-46A2-B2A2-3687CEE80358}: NameServer = 10.1.1.1
O17 - HKLM\System\CS4\Services\Tcpip\..\{56375E7C-4071-46A2-B2A2-3687CEE80358}: NameServer = 10.1.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - G:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - G:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - G:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: bardon12 - Unknown owner - G:\Program Files\Full Control 2\bardon11.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - G:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - G:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - G:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - G:\Program Files\Java\jre6\bin\jqs.exe" -service -config "G:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - G:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Unknown owner - G:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Net Monitor for Employees Agent (NMEmployeesAgent) - Unknown owner - G:\Program Files\Network LookOut\NME Professional\bin\NLSAgentSvc.exe (file missing)
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - G:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Program Protector System Service (ProgramProtectorService) - Unknown owner - G:\Program Files\Program Protector\ProtectorService.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - G:\Program Files\NetComm\Common\RegistryWriter.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ServiceLayer - Nokia. - G:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Speed Disk service - Symantec Corporation - G:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - G:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe


So I am stumped as to what could be the cause. Any help or suggestions much appreciated.

Cheers, Alan

Speedy Gonzales
22-01-2010, 05:45 PM
Did you install today's update, since it affects IE 6? I would update IE to 7 or 8

You can tick these tick fix checked

Close browsers. Did you reconfigure the BIOS settings, after you replaced the battery?

I would uninstall Symantec and install something better

I would uninstall these. Do you know what they are, and what they do? Are these part of folder protector?

G:\Program Files\Program Protector\ProtectorService.exe

G:\Program Files\NetComm\Common\RegistryWriter.exe

What's this and this??

G:\PROGRA~1\FULLCO~1\fc.exe

G:\PROGRA~1\FULLCO~1\bds2.exe

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: (no name) - {8A63D6DC-14E6-4DDE-9968-E9F6A5D9A4C9} - (no file)

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [SpybotSD TeaTimer] G:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

What's this?

O23 - Service: bardon12 - Unknown owner - G:\Program Files\Full Control 2\bardon11.exe
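
The manual triage in the reply above (picking out "(no file)" registrations and "Unknown owner" services) can be done mechanically. This is an added example, not part of the original thread: the flag names are this example's own, and the embedded sample is a short excerpt of the log posted above. It also cross-checks "(file missing)" services against the running-process list, since the posted log marks ccSvcHst.exe as missing while it is running.

```python
import re

# Excerpt of the HijackThis log posted in this thread (not a full log).
SAMPLE_LOG = r"""Running processes:
G:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
G:\PROGRA~1\FULLCO~1\fc.exe

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O23 - Service: bardon12 - Unknown owner - G:\Program Files\Full Control 2\bardon11.exe
O23 - Service: LiveUpdate - Symantec Corporation - G:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - G:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Net Monitor for Employees Agent (NMEmployeesAgent) - Unknown owner - G:\Program Files\Network LookOut\NME Professional\bin\NLSAgentSvc.exe (file missing)
"""

ENTRY = re.compile(r"^([RNFO]\d{1,2}) - (.+)$")      # section code, then the entry body
EXE_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.I)  # first drive-letter path ending in .exe

def parse(log):
    """Split a log into the running-process set and (section, body) entries."""
    running, entries, in_procs = set(), [], False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False              # a blank line ends the process list
        elif in_procs:
            running.add(line.lower())
        else:
            m = ENTRY.match(line)
            if m:
                entries.append((m.group(1), m.group(2)))
    return running, entries

def triage(log):
    """Return (section, flags, body) for every entry worth a second look."""
    running, entries = parse(log)
    findings = []
    for code, body in entries:
        flags = []
        if body.endswith("(no file)"):
            flags.append("orphaned-registration")    # registry entry, no file behind it
        if code == "O23" and " - Unknown owner - " in body:
            flags.append("unknown-owner")            # no company name read from the binary
        if body.endswith("(file missing)"):
            m = EXE_PATH.search(body)
            exe = m.group(0).lower() if m else None
            # A "missing" binary that is in the process list points at a
            # path-parsing problem in the entry, not at a deleted file.
            flags.append("file-missing-but-running" if exe in running else "file-missing")
        if flags:
            findings.append((code, flags, body))
    return findings

if __name__ == "__main__":
    for code, flags, body in triage(SAMPLE_LOG):
        print(f"{code:<4}{','.join(flags):<40}{body[:60]}")
```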

Alank
22-01-2010, 07:05 PM
Thank you Speedy, most of those you were not sure of are okay and I installed the latest IE update today but an update to at least 7 is long overdue :D

Protector service is a program that allows you to password protect any executable while Registrywriter must be software to do with my Netcomm adsl router. Fc, Bds2 and bardon11 are all from another software which locks down the desktop like GPOs.

I'll let you know how I get on.

Alan

Speedy Gonzales
22-01-2010, 07:11 PM
Okie dokie then

Alank
24-01-2010, 03:40 PM
Well, I've tried everything suggested. Updated Windows, IE explorer, checked BIOS, ran antivirus and spyware which removed some things and registry repairers but nothing has worked.

I'm still stuck with it continually reverting back to 1/12/2001 1pm as the desktop loads. This also happens when booting via safe mode too.

I'm at my wits' end :badpc: Apart from reinstalling Windows, is there anything else that can be done?

Thanks
Alan

Speedy Gonzales
24-01-2010, 03:45 PM
Is it on the right timezone in Windows?? Doesn't sound like it is, if it does the same thing in safe mode

stormdragon
24-01-2010, 04:12 PM
Are you sure the new CMOS battery is all good?

fred_fish
24-01-2010, 05:25 PM
Protector service is a program that allows you to password protect any executable while Registrywriter must be software to do with my Netcomm adsl router. Fc, Bds2 and bardon11 are all from another software which locks down the desktop like GPOs.

I would suspect one of these.

Alank
24-01-2010, 11:18 PM
Thanks all but.
The computer is in the right time zone - shows as GMT + 12 hours but even if not that does not explain it reverting back to 2001. The cmos battery must be okay as the time only resets while loading the windows desktop. Other changes in the BIOS have also been kept.

Those other programs FC and protector have been there long before the clock problem which has only been around for 2 weeks.

12steps
25-01-2010, 11:13 AM
Have you tried doing a system restore to a date prior to this issue first occurring?

Terry Porritt
25-01-2010, 11:47 AM
You have to bear in mind that the real time clock chip could have developed a fault, if so there is not much you can do.

Alank
25-01-2010, 12:36 PM
Thanks, I'll try the system restore to say a month prior and if that doesn't work will install XP on another partition and see if still occurs.

If so, will look at getting a new system as case and mboard getting old now

trinsic
25-01-2010, 12:41 PM
Have you installed any cracks/patches for any programs? Some like to work on reverting the clock back to a date before the program expires so it stays free.

Just a thought.

Alank
25-01-2010, 12:57 PM
Hi, I know of such a thing but no, haven't done or tried anything like that :D

Alank
26-01-2010, 09:09 AM
Last night I installed XP on a new partition so that it is dual booting with the old for the time being. The windows clock is fine on the fresh install :)

No idea what is wrong on the old as never could find. I only had system restores going back to the beginning of this month and the 1/1/2010 failed to work.

Thanks for your help and suggestions everyone.


Alan

Agent_24
26-01-2010, 09:41 AM
So it is definitely something going on with the old installation of windows...

I wonder if it is some rootkit that loads even in safe mode, pretending to be a highly critical system service or something.

Try scanning the old install of Windows for viruses from the new one you just did.

OR do you have anything installed that still runs, even in safe mode, that isn't a windows system service\process?

Those security programs you spoke of, would they still run in safe mode?