ber8630
asked on
System Clock Continually Offsets by even amounts of time, and Time Zone is Correct
I don't know why, I have not installed any new software lately, but around two weeks ago, I noticed my system clock was off by five hours (behind). Since it was exactly that amount compared to the DC, I thought it was something to do with the time zone getting shifted somehow, so I checked, and it was set to the proper time zone. So, I reset the time, and around 20 minutes later, it had changed again, five hours behind. This time I used the net time command to force it to look at the DC, it changed the time and 20 minutes later is was behind again. This happens whether I have an active connection to the internet or not. I thought it would cause me to have problems working the domain enviroment given the obvious offsets, but it has not so far, just showing inaccurate times on file edit, creation and email tracking. It is a relatively speaking, small problem, but it is driving me nuts.
PLEASE HELP!
Blaine
PLEASE HELP!
Blaine
in the end, its <some> program that is setting the time. check the services, if you have running this worthless time update service and disable that. also open up the taskman and list any process name thats suspicious to you
ASKER
I believe you are right, if I open up the clock dialogue and just watch it, it tends to take longer. It "waits until I am not looking" to change. The problem is, I have opened task manager and to watch any process fire at the same instance the time changes, but it is not working out. Is there any particular process you would watch for? It does seem to change everytime I receive an email. Does that help? Or, am I just dreaming. I am not running any atomic clock software or anything of that sort.
Thanks!!!
Thanks!!!
the time-updater service i.e. runs under the name "svchost.exe", so you cannot really make them out in the taskman. click start -> run -> enter "services.msc" and check for a service name like "winows-time-updater" or somehow. look into the properties by doubleclicking on it, you should see a service name "W32Time". click on "stop", then choose above the type "deactivated". it really sounds like its up to that service :)
ASKER
OK, none of these suggestions are giving me much direction. I have tried several things and tried to monitor when it changes relative to processes in the system manager. Nothing is giving much of a hint. I was out of town for the last week and not connected to the domain, so watched it there. It was have similar issues with the clock changing there. What I have noticed is that is retards my time by exact 5 hours everytime. Even if I change the time zone to something different and change the time its does the same thing. Now, if I leave the clock set at 5 hours behind, it seems to be happy in perpetuity. I dont know if this helps any, but I am just trying to narrow the field of possibilities.
Thanks!!!
Thanks!!!
ASKER
I am increasing the points, because this is frustrating me. I am not sure it is really affecting much, but I still would like to know how to fix it.
THANKS!!!
Blaine
THANKS!!!
Blaine
ASKER
Too bad. This will be the first time that this site has failed me.
sorry, dont have much ideas left. i still suspect some running process. if you experience the next time-change, simply close on of your applications - then wait again. repeat that until all applications are gone. this way we are sure those applications are not the reason. the next would be killing "not familiar" processes in the taskmanager (the "process" tab).some tasks arend terminatable. for making this work a bit easier, click on start -> run, enter "cmd" and enter into the console window the line "tasklist". now click with the mouse on the icon in the upper left corner of the window, select edit and then select. now you can select all the printed processes with the mouse. then right-click and select copy. paste the content (process names are enough) here, so i might show you some processes which seem to be suspect.
ASKER
Thanks for your input!!!
Blaine
C:\Program Files\Support Tools>tasklist
Image Name PID Session Name Session# Mem Usage
========================= ====== ================ ======== ============
System Idle Process 0 Console 0 28 K
System 4 Console 0 236 K
smss.exe 740 Console 0 388 K
csrss.exe 812 Console 0 4,952 K
winlogon.exe 836 Console 0 9,684 K
services.exe 880 Console 0 4,968 K
lsass.exe 892 Console 0 6,608 K
svchost.exe 1092 Console 0 5,652 K
svchost.exe 1160 Console 0 9,320 K
svchost.exe 1196 Console 0 39,836 K
svchost.exe 1252 Console 0 3,856 K
svchost.exe 1408 Console 0 9,236 K
CCSETMGR.EXE 1556 Console 0 4,580 K
SNDSrvc.exe 1572 Console 0 2,732 K
SPBBCSvc.exe 1584 Console 0 1,292 K
CCEVTMGR.EXE 1640 Console 0 2,864 K
WLTRYSVC.EXE 1752 Console 0 1,624 K
BCMWLTRY.EXE 1764 Console 0 9,380 K
spoolsv.exe 1824 Console 0 10,080 K
scardsvr.exe 1872 Console 0 2,692 K
AluSchedulerSvc.exe 208 Console 0 620 K
BAsfIpM.exe 240 Console 0 3,388 K
cisvc.exe 256 Console 0 640 K
Czfmdser.exe 288 Console 0 2,188 K
Iap.exe 416 Console 0 1,624 K
inetinfo.exe 432 Console 0 7,952 K
MDM.EXE 496 Console 0 2,884 K
sqlservr.exe 528 Console 0 15,764 K
NAVAPSVC.EXE 584 Console 0 1,700 K
NicConfigSvc.exe 604 Console 0 5,284 K
NPFMNTOR.EXE 648 Console 0 3,568 K
nvsvc32.exe 660 Console 0 5,056 K
svchost.exe 768 Console 0 6,504 K
symlcsvc.exe 808 Console 0 200 K
wdfmgr.exe 120 Console 0 1,756 K
WebUpdateSvc.exe 1360 Console 0 2,312 K
exmgmt.exe 1484 Console 0 5,188 K
alg.exe 2480 Console 0 3,164 K
wmiprvse.exe 2660 Console 0 6,740 K
explorer.exe 3452 Console 0 12,936 K
jusched.exe 1592 Console 0 2,008 K
quickset.exe 2876 Console 0 6,580 K
WLTRAY.EXE 3044 Console 0 5,956 K
DVDLauncher.exe 3300 Console 0 3,488 K
tfswctrl.exe 3424 Console 0 4,208 K
CCAPP.EXE 3608 Console 0 18,236 K
hpgs2wnd.exe 3720 Console 0 4,832 K
CZFMDxpk.exe 2820 Console 0 3,284 K
rundll32.exe 1776 Console 0 3,924 K
type32.exe 3784 Console 0 412 K
hpgs2wnf.exe 980 Console 0 4,216 K
point32.exe 1780 Console 0 5,684 K
cidaemon.exe 508 Console 0 296 K
hpwuSchd2.exe 488 Console 0 2,652 K
PSDiagnostic.exe 732 Console 0 14,112 K
iTunesHelper.exe 2276 Console 0 4,668 K
qttask.exe 3852 Console 0 2,852 K
iPodService.exe 2252 Console 0 3,616 K
ctfmon.exe 2936 Console 0 3,872 K
cidaemon.exe 2960 Console 0 916 K
msmsgs.exe 2808 Console 0 8,728 K
wcescomm.exe 3148 Console 0 6,808 K
atidtct.exe 1188 Console 0 4,280 K
rapimgr.exe 3416 Console 0 7,164 K
msnmsgr.exe 1788 Console 0 6,980 K
PlaxoHelper.exe 3432 Console 0 8,264 K
DLG.exe 3860 Console 0 3,404 K
hpqtra08.exe 284 Console 0 7,948 K
sqlmangr.exe 1116 Console 0 5,968 K
STATUS~1.EXE 1520 Console 0 6,668 K
javaw.exe 2740 Console 0 50,180 K
hpqgalry.exe 4088 Console 0 15,624 K
svchost.exe 5264 Console 0 3,456 K
OUTLOOK.EXE 5048 Console 0 75,064 K
WINWORD.EXE 3472 Console 0 26,444 K
mstsc.exe 5872 Console 0 17,988 K
cmd.exe 2136 Console 0 2,636 K
npadmer.exe 5908 Console 0 8,252 K
iexplore.exe 6056 Console 0 23,936 K
AcroRd32.exe 6764 Console 0 11,872 K
ttermpro.exe 4144 Console 0 4,368 K
NomadSP.exe 5460 Console 0 16,372 K
cmd.exe 7644 Console 0 2,644 K
tasklist.exe 6612 Console 0 4,468 K
wmiprvse.exe 8124 Console 0 5,700 K
C:\Program Files\Support Tools>
Blaine
C:\Program Files\Support Tools>tasklist
Image Name PID Session Name Session# Mem Usage
========================= ====== ================ ======== ============
System Idle Process 0 Console 0 28 K
System 4 Console 0 236 K
smss.exe 740 Console 0 388 K
csrss.exe 812 Console 0 4,952 K
winlogon.exe 836 Console 0 9,684 K
services.exe 880 Console 0 4,968 K
lsass.exe 892 Console 0 6,608 K
svchost.exe 1092 Console 0 5,652 K
svchost.exe 1160 Console 0 9,320 K
svchost.exe 1196 Console 0 39,836 K
svchost.exe 1252 Console 0 3,856 K
svchost.exe 1408 Console 0 9,236 K
CCSETMGR.EXE 1556 Console 0 4,580 K
SNDSrvc.exe 1572 Console 0 2,732 K
SPBBCSvc.exe 1584 Console 0 1,292 K
CCEVTMGR.EXE 1640 Console 0 2,864 K
WLTRYSVC.EXE 1752 Console 0 1,624 K
BCMWLTRY.EXE 1764 Console 0 9,380 K
spoolsv.exe 1824 Console 0 10,080 K
scardsvr.exe 1872 Console 0 2,692 K
AluSchedulerSvc.exe 208 Console 0 620 K
BAsfIpM.exe 240 Console 0 3,388 K
cisvc.exe 256 Console 0 640 K
Czfmdser.exe 288 Console 0 2,188 K
Iap.exe 416 Console 0 1,624 K
inetinfo.exe 432 Console 0 7,952 K
MDM.EXE 496 Console 0 2,884 K
sqlservr.exe 528 Console 0 15,764 K
NAVAPSVC.EXE 584 Console 0 1,700 K
NicConfigSvc.exe 604 Console 0 5,284 K
NPFMNTOR.EXE 648 Console 0 3,568 K
nvsvc32.exe 660 Console 0 5,056 K
svchost.exe 768 Console 0 6,504 K
symlcsvc.exe 808 Console 0 200 K
wdfmgr.exe 120 Console 0 1,756 K
WebUpdateSvc.exe 1360 Console 0 2,312 K
exmgmt.exe 1484 Console 0 5,188 K
alg.exe 2480 Console 0 3,164 K
wmiprvse.exe 2660 Console 0 6,740 K
explorer.exe 3452 Console 0 12,936 K
jusched.exe 1592 Console 0 2,008 K
quickset.exe 2876 Console 0 6,580 K
WLTRAY.EXE 3044 Console 0 5,956 K
DVDLauncher.exe 3300 Console 0 3,488 K
tfswctrl.exe 3424 Console 0 4,208 K
CCAPP.EXE 3608 Console 0 18,236 K
hpgs2wnd.exe 3720 Console 0 4,832 K
CZFMDxpk.exe 2820 Console 0 3,284 K
rundll32.exe 1776 Console 0 3,924 K
type32.exe 3784 Console 0 412 K
hpgs2wnf.exe 980 Console 0 4,216 K
point32.exe 1780 Console 0 5,684 K
cidaemon.exe 508 Console 0 296 K
hpwuSchd2.exe 488 Console 0 2,652 K
PSDiagnostic.exe 732 Console 0 14,112 K
iTunesHelper.exe 2276 Console 0 4,668 K
qttask.exe 3852 Console 0 2,852 K
iPodService.exe 2252 Console 0 3,616 K
ctfmon.exe 2936 Console 0 3,872 K
cidaemon.exe 2960 Console 0 916 K
msmsgs.exe 2808 Console 0 8,728 K
wcescomm.exe 3148 Console 0 6,808 K
atidtct.exe 1188 Console 0 4,280 K
rapimgr.exe 3416 Console 0 7,164 K
msnmsgr.exe 1788 Console 0 6,980 K
PlaxoHelper.exe 3432 Console 0 8,264 K
DLG.exe 3860 Console 0 3,404 K
hpqtra08.exe 284 Console 0 7,948 K
sqlmangr.exe 1116 Console 0 5,968 K
STATUS~1.EXE 1520 Console 0 6,668 K
javaw.exe 2740 Console 0 50,180 K
hpqgalry.exe 4088 Console 0 15,624 K
svchost.exe 5264 Console 0 3,456 K
OUTLOOK.EXE 5048 Console 0 75,064 K
WINWORD.EXE 3472 Console 0 26,444 K
mstsc.exe 5872 Console 0 17,988 K
cmd.exe 2136 Console 0 2,636 K
npadmer.exe 5908 Console 0 8,252 K
iexplore.exe 6056 Console 0 23,936 K
AcroRd32.exe 6764 Console 0 11,872 K
ttermpro.exe 4144 Console 0 4,368 K
NomadSP.exe 5460 Console 0 16,372 K
cmd.exe 7644 Console 0 2,644 K
tasklist.exe 6612 Console 0 4,468 K
wmiprvse.exe 8124 Console 0 5,700 K
C:\Program Files\Support Tools>
> svchost.exe
every of these svchost processes is a service. please see your services and double-check if those really need to be turned on all. have we already cleared out that this time-update-service is disabled? i dont know its exact description or title, but please please please check for that!
> CCSETMGR.EXE 1556 Console 0 4,580 K
> SNDSrvc.exe 1572 Console 0 2,732 K
> SPBBCSvc.exe 1584 Console 0 1,292 K
> CCEVTMGR.EXE 1640 Console 0 2,864 K
> WLTRYSVC.EXE 1752 Console 0 1,624 K
> BCMWLTRY.EXE 1764 Console 0 9,380 K
dont know them. are you sure they have to run? BCMWLTRY sounds like only giving you a TRaY-icon on the taskbar. search for all those .exe-files and find out to which application they belong. i suspect most of them are not needed to be active all the time. maybe one of these already continously updates the time?
> AluSchedulerSvc.exe 208 Console 0 620 K
Scheduler-something? very suspect! find out which application this starts
> BAsfIpM.exe 240 Console 0 3,388 K
> cisvc.exe 256 Console 0 640 K
> Czfmdser.exe 288 Console 0 2,188 K
> Iap.exe 416 Console 0 1,624 K
> inetinfo.exe 432 Console 0 7,952 K
> MDM.EXE 496 Console 0 2,884 K
> NicConfigSvc.exe 604 Console 0 5,284 K
> nvsvc32.exe 660 Console 0 5,056 K
> symlcsvc.exe 808 Console 0 200 K
> wdfmgr.exe 120 Console 0 1,756 K
same to these.
> WebUpdateSvc.exe 1360 Console 0 2,312 K
Web-update-something? what the hell is this? please dont say you dont know
> exmgmt.exe 1484 Console 0 5,188 K
> alg.exe 2480 Console 0 3,164 K
> jusched.exe 1592 Console 0 2,008 K
> quickset.exe 2876 Console 0 6,580 K
> WLTRAY.EXE 3044 Console 0 5,956 K
> DVDLauncher.exe 3300 Console 0 3,488 K
> tfswctrl.exe 3424 Console 0 4,208 K
> hpgs2wnd.exe 3720 Console 0 4,832 K
> CZFMDxpk.exe 2820 Console 0 3,284 K
check these too.
> rundll32.exe 1776 Console 0 3,924 K
very suspect!!! where does this come from? kill this immediantly with "TASKKILL 1776" (of course, now it may have another number - so do TASKLIST first. of course, you can also use the task-manager to kill processes)
> type32.exe 3784 Console 0 412 K
> hpgs2wnf.exe 980 Console 0 4,216 K
> point32.exe 1780 Console 0 5,684 K
> cidaemon.exe 508 Console 0 296 K
> hpwuSchd2.exe 488 Console 0 2,652 K
> PSDiagnostic.exe 732 Console 0 14,112 K
> iTunesHelper.exe 2276 Console 0 4,668 K
> qttask.exe 3852 Console 0 2,852 K
> iPodService.exe 2252 Console 0 3,616 K
> cidaemon.exe 2960 Console 0 916 K
> msmsgs.exe 2808 Console 0 8,728 K
> wcescomm.exe 3148 Console 0 6,808 K
> atidtct.exe 1188 Console 0 4,280 K
> rapimgr.exe 3416 Console 0 7,164 K
> msnmsgr.exe 1788 Console 0 6,980 K
what in the world are you running all? is the last MSN messenger? maybe this one updates the time?
> PlaxoHelper.exe 3432 Console 0 8,264 K
> DLG.exe 3860 Console 0 3,404 K
> hpqtra08.exe 284 Console 0 7,948 K
> STATUS~1.EXE 1520 Console 0 6,668 K
> hpqgalry.exe 4088 Console 0 15,624 K
> mstsc.exe 5872 Console 0 17,988 K
> npadmer.exe 5908 Console 0 8,252 K
> ttermpro.exe 4144 Console 0 4,368 K
> NomadSP.exe 5460 Console 0 16,372 K
nearly your whole list is suspicious. i should have advised you before to close all visible applications - so we may clear out a lot of them.
> wmiprvse.exe 8124 Console 0 5,700 K
this is not very suspicious as long as it only runs shortly. check again - if this runs all the time then kill it.
man - this was too much :( i am not sure if you really have a control over your system. prove me wrong and get me all application names to the EXEs :P guess what? lets try another thing. i think most of these processes are launched when windows starts. so click on start -> run, type "regedit" and navigate the the following key:
\HKEY_LOCAL_MACHINE\SOFTWA
every of these svchost processes is a service. please see your services and double-check if those really need to be turned on all. have we already cleared out that this time-update-service is disabled? i dont know its exact description or title, but please please please check for that!
> CCSETMGR.EXE 1556 Console 0 4,580 K
> SNDSrvc.exe 1572 Console 0 2,732 K
> SPBBCSvc.exe 1584 Console 0 1,292 K
> CCEVTMGR.EXE 1640 Console 0 2,864 K
> WLTRYSVC.EXE 1752 Console 0 1,624 K
> BCMWLTRY.EXE 1764 Console 0 9,380 K
dont know them. are you sure they have to run? BCMWLTRY sounds like only giving you a TRaY-icon on the taskbar. search for all those .exe-files and find out to which application they belong. i suspect most of them are not needed to be active all the time. maybe one of these already continously updates the time?
> AluSchedulerSvc.exe 208 Console 0 620 K
Scheduler-something? very suspect! find out which application this starts
> BAsfIpM.exe 240 Console 0 3,388 K
> cisvc.exe 256 Console 0 640 K
> Czfmdser.exe 288 Console 0 2,188 K
> Iap.exe 416 Console 0 1,624 K
> inetinfo.exe 432 Console 0 7,952 K
> MDM.EXE 496 Console 0 2,884 K
> NicConfigSvc.exe 604 Console 0 5,284 K
> nvsvc32.exe 660 Console 0 5,056 K
> symlcsvc.exe 808 Console 0 200 K
> wdfmgr.exe 120 Console 0 1,756 K
same to these.
> WebUpdateSvc.exe 1360 Console 0 2,312 K
Web-update-something? what the hell is this? please dont say you dont know
> exmgmt.exe 1484 Console 0 5,188 K
> alg.exe 2480 Console 0 3,164 K
> jusched.exe 1592 Console 0 2,008 K
> quickset.exe 2876 Console 0 6,580 K
> WLTRAY.EXE 3044 Console 0 5,956 K
> DVDLauncher.exe 3300 Console 0 3,488 K
> tfswctrl.exe 3424 Console 0 4,208 K
> hpgs2wnd.exe 3720 Console 0 4,832 K
> CZFMDxpk.exe 2820 Console 0 3,284 K
check these too.
> rundll32.exe 1776 Console 0 3,924 K
very suspect!!! where does this come from? kill this immediantly with "TASKKILL 1776" (of course, now it may have another number - so do TASKLIST first. of course, you can also use the task-manager to kill processes)
> type32.exe 3784 Console 0 412 K
> hpgs2wnf.exe 980 Console 0 4,216 K
> point32.exe 1780 Console 0 5,684 K
> cidaemon.exe 508 Console 0 296 K
> hpwuSchd2.exe 488 Console 0 2,652 K
> PSDiagnostic.exe 732 Console 0 14,112 K
> iTunesHelper.exe 2276 Console 0 4,668 K
> qttask.exe 3852 Console 0 2,852 K
> iPodService.exe 2252 Console 0 3,616 K
> cidaemon.exe 2960 Console 0 916 K
> msmsgs.exe 2808 Console 0 8,728 K
> wcescomm.exe 3148 Console 0 6,808 K
> atidtct.exe 1188 Console 0 4,280 K
> rapimgr.exe 3416 Console 0 7,164 K
> msnmsgr.exe 1788 Console 0 6,980 K
what in the world are you running all? is the last MSN messenger? maybe this one updates the time?
> PlaxoHelper.exe 3432 Console 0 8,264 K
> DLG.exe 3860 Console 0 3,404 K
> hpqtra08.exe 284 Console 0 7,948 K
> STATUS~1.EXE 1520 Console 0 6,668 K
> hpqgalry.exe 4088 Console 0 15,624 K
> mstsc.exe 5872 Console 0 17,988 K
> npadmer.exe 5908 Console 0 8,252 K
> ttermpro.exe 4144 Console 0 4,368 K
> NomadSP.exe 5460 Console 0 16,372 K
nearly your whole list is suspicious. i should have advised you before to close all visible applications - so we may clear out a lot of them.
> wmiprvse.exe 8124 Console 0 5,700 K
this is not very suspicious as long as it only runs shortly. check again - if this runs all the time then kill it.
man - this was too much :( i am not sure if you really have a control over your system. prove me wrong and get me all application names to the EXEs :P guess what? lets try another thing. i think most of these processes are launched when windows starts. so click on start -> run, type "regedit" and navigate the the following key:
\HKEY_LOCAL_MACHINE\SOFTWA
ASKER
Don't kick me out yet, just been really busy with a new baby on the way and that has put me behind, AGAIN. I am still diving into these.
Thanks,
Blaine
Thanks,
Blaine
ASKER
Thanks for your patience on this. here is the information from Regedit you requested. I have also looked into the other programs that are running. Nothing sends a red flag so. In other words, I have searched in all directories for these files and verifid they arae where they are purported supposed to be. Now there are two I was unable to get anywhere with. The first was status~1.exe and the second is the Rundll32.exe. and below is the list of modules that are supposedly running with it, if it tells you anything.
THANKS!!!
Blaine
ntdll.dll, kernel32.dll, msvcrt.dll,
GDI32.dll, USER32.dll, IMAGEHLP.dll,
ShimEng.dll, AcGenral.DLL, ADVAPI32.dll,
RPCRT4.dll, WINMM.dll, ole32.dll,
OLEAUT32.dll, MSACM32.dll, VERSION.dll,
SHELL32.dll, SHLWAPI.dll, USERENV.dll,
UxTheme.dll, IMM32.DLL, serwvdrv.dll,
umdmxfrm.dll, comctl32.dll, comctl32.dll,
V0060Pin.dll, CFGMGR32.dll, setupapi.dll,
CtCamPin.crl, msctfime.ime, MSCTF.dll,
WINTRUST.dll, CRYPT32.dll, MSASN1.dll
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWA
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"NvCplDaemon"="RUNDLL32.EX
"nwiz"="nwiz.exe /installquiet"
"SunJavaUpdateSched"="C:\\
"Dell QuickSet"="C:\\Program Files\\Dell\\QuickSet\\qui
"Dell Wireless Manager UI"="C:\\WINDOWS\\system32
"DVDLauncher"="\"C:\\Progr
"UpdateManager"="\"C:\\Pro
"dla"="C:\\WINDOWS\\system
"Synchronization Manager"=hex(2):25,00,53,0
00,6f,00,6f,00,74,00,25,00
32,00,5c,00,6d,00,6f,00,62
00,20,00,2f,00,6c,00,6f,00
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SY
"Share-to-Web Namespace Daemon"="c:\\Program Files\\Hewlett-Packard\\HP
"CZFMDXPK"="C:\\PROGRA~1\\
"VF0060 STISvc"="RunDLL32.exe V0060Pin.dll,RunDLL32EP 513"
"type32"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
"IntelliPoint"="\"C:\\Prog
@=""
"PrintServer Diagnostic"="C:\\Program Files\\Print Server\\PTP\\PSDiagnostic.
"iTunesHelper"="\"C:\\Prog
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.e
"SSBkgdUpdate"="C:\\Progra
"HP Software Update"="C:\\Program Files\\Hewlett-Packard\\HP
"TomcatStartup 2.5"="C:\\Program Files\\Hewlett-Packard\\To
[HKEY_LOCAL_MACHINE\SOFTWA
[HKEY_LOCAL_MACHINE\SOFTWA
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWA
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWA
"Installed"="1"
THANKS!!!
Blaine
ntdll.dll, kernel32.dll, msvcrt.dll,
GDI32.dll, USER32.dll, IMAGEHLP.dll,
ShimEng.dll, AcGenral.DLL, ADVAPI32.dll,
RPCRT4.dll, WINMM.dll, ole32.dll,
OLEAUT32.dll, MSACM32.dll, VERSION.dll,
SHELL32.dll, SHLWAPI.dll, USERENV.dll,
UxTheme.dll, IMM32.DLL, serwvdrv.dll,
umdmxfrm.dll, comctl32.dll, comctl32.dll,
V0060Pin.dll, CFGMGR32.dll, setupapi.dll,
CtCamPin.crl, msctfime.ime, MSCTF.dll,
WINTRUST.dll, CRYPT32.dll, MSASN1.dll
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWA
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"NvCplDaemon"="RUNDLL32.EX
"nwiz"="nwiz.exe /installquiet"
"SunJavaUpdateSched"="C:\\
"Dell QuickSet"="C:\\Program Files\\Dell\\QuickSet\\qui
"Dell Wireless Manager UI"="C:\\WINDOWS\\system32
"DVDLauncher"="\"C:\\Progr
"UpdateManager"="\"C:\\Pro
"dla"="C:\\WINDOWS\\system
"Synchronization Manager"=hex(2):25,00,53,0
00,6f,00,6f,00,74,00,25,00
32,00,5c,00,6d,00,6f,00,62
00,20,00,2f,00,6c,00,6f,00
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SY
"Share-to-Web Namespace Daemon"="c:\\Program Files\\Hewlett-Packard\\HP
"CZFMDXPK"="C:\\PROGRA~1\\
"VF0060 STISvc"="RunDLL32.exe V0060Pin.dll,RunDLL32EP 513"
"type32"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
"IntelliPoint"="\"C:\\Prog
@=""
"PrintServer Diagnostic"="C:\\Program Files\\Print Server\\PTP\\PSDiagnostic.
"iTunesHelper"="\"C:\\Prog
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.e
"SSBkgdUpdate"="C:\\Progra
"HP Software Update"="C:\\Program Files\\Hewlett-Packard\\HP
"TomcatStartup 2.5"="C:\\Program Files\\Hewlett-Packard\\To
[HKEY_LOCAL_MACHINE\SOFTWA
[HKEY_LOCAL_MACHINE\SOFTWA
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWA
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWA
"Installed"="1"
ASKER
OK, I have spent several hours this morning changing the clock and staring at process list to see what consistently fires everytime the time changes. And, here is what I have deduced visually. ALMOST everytime that Outlook fires, especially when reminder windows are involved, the time resets to five hours behind the current local time. In other words, the time is not simply subtracting five hours from what the computer is set to, because even if I set it 10 hours either side of what it keeps resetting to, it still goes to five hours behind the current local time (CT). So, is there a way to log the process that is making this change?
Thanks Again!
Blaine
Thanks Again!
Blaine
congratulations and best wishes for your new baby :)
ive googled to find a problem with outlook resetting the time, but havent found anything. are you really sure? you said "ALMOST", that makes me wonder it wont reset everytime outlook "fires". maybe outlook itself has an option for that? look under menu "extras", "options", "calendar options", "timezone" - maybe this has an incorrect setting?
if it really comes down that only outlook can be the issue, i dont have any ideas left. your registry data has a few suspicious entries too (especially "C:\PROGRA~1\FDD_FM~1\CZFM
oh - this one might be a bit stupid, but does the "time reset" also happen when youre offline? and i really mean offline: disable your network interface in the device manager or unplug your lan cable...
ive googled to find a problem with outlook resetting the time, but havent found anything. are you really sure? you said "ALMOST", that makes me wonder it wont reset everytime outlook "fires". maybe outlook itself has an option for that? look under menu "extras", "options", "calendar options", "timezone" - maybe this has an incorrect setting?
if it really comes down that only outlook can be the issue, i dont have any ideas left. your registry data has a few suspicious entries too (especially "C:\PROGRA~1\FDD_FM~1\CZFM
oh - this one might be a bit stupid, but does the "time reset" also happen when youre offline? and i really mean offline: disable your network interface in the device manager or unplug your lan cable...
ASKER
Thanks, I checked the Outlook Settings and everything appears to be correct in terms of the time zone and no secondary zone selected or setup. It does appear that when I have reminders pop up when my time tends to change. I have tried to watch it as much as possible and not have other programs running to see and verify.
As for the c:\progra~1\FDD_FM~1\CZFMD
I think I tested the offline stuff, but I will double-check it before saying for sure.
Thanks Again!
Blaine
As for the c:\progra~1\FDD_FM~1\CZFMD
I think I tested the offline stuff, but I will double-check it before saying for sure.
Thanks Again!
Blaine
ASKER
OK, I ran for an hour and even when reminders came up, nothing changed on the clock.
Don't know what this tells us.
Thanks,
Blaine
Don't know what this tells us.
Thanks,
Blaine
ASKER
I think I am still wrong. Now that I have plugged it back into the network, the time is changing, but not relative to the Reminder's Opening up anymore. Boy, what an issue.
Thanks,
Blaine
Thanks,
Blaine
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
C:\Program Files\Support Tools>tasklist /svc
Image Name PID Services
========================= ====== ==========================
System Idle Process 0 N/A
System 4 N/A
smss.exe 752 N/A
csrss.exe 824 N/A
winlogon.exe 848 N/A
services.exe 892 Eventlog, PlugPlay
lsass.exe 904 Netlogon, PolicyAgent, ProtectedStorage,
SamSs
svchost.exe 1116 DcomLaunch, TermService
svchost.exe 1180 RpcSs
svchost.exe 1320 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
ERSvc, EventSystem, helpsvc, HidServ,
lanmanserver, lanmanworkstation, Netman,
Nla, RasMan, Schedule, seclogon, SENS,
SharedAccess, ShellHWDetection, srservice,
TapiSrv, Themes, TrkWks, w32time, winmgmt,
wuauserv
svchost.exe 1360 Dnscache
svchost.exe 1580 LmHosts, RemoteRegistry, SSDPSRV, WebClient
CCSETMGR.EXE 1740 ccSetMgr
SNDSrvc.exe 1756 SNDSrvc
SPBBCSvc.exe 1776 SPBBCSvc
CCEVTMGR.EXE 1828 ccEvtMgr
WLTRYSVC.EXE 1976 wltrysvc
BCMWLTRY.EXE 1992 N/A
spoolsv.exe 192 Spooler
scardsvr.exe 232 SCardSvr
AluSchedulerSvc.exe 732 Automatic LiveUpdate Scheduler
BAsfIpM.exe 812 BAsfIpM
cisvc.exe 868 cisvc
Czfmdser.exe 120 CZFMDSER.EXE
ETCNet2Services.exe 1168 ETC PCTime Service (NTP) (Ver:4.0.1.9.0.1),
ETCBootpService (Ver:4.0.1.9.0.1)
Iap.exe 1264 Iap
inetinfo.exe 1300 IISADMIN, W3SVC
MDM.EXE 1464 MDM
sqlservr.exe 1508 MSSQL$SHOWSIM
NicConfigSvc.exe 1720 NICCONFIGSVC
NPFMNTOR.EXE 1920 NPFMntor
nvsvc32.exe 1936 NVSvc
HPZipm12.exe 2024 Pml Driver HPZ12
svchost.exe 372 stisvc
symlcsvc.exe 492 Symantec Core LC
wdfmgr.exe 540 UMWdf
WebUpdateSvc.exe 1436 WebUpdate
exmgmt.exe 2056 MSExchangeMGMT
wmiprvse.exe 2612 N/A
alg.exe 2968 ALG
explorer.exe 3108 N/A
svchost.exe 3752 HTTPFilter
jusched.exe 2572 N/A
quickset.exe 1784 N/A
WLTRAY.EXE 172 N/A
DVDLauncher.exe 2560 N/A
tfswctrl.exe 3872 N/A
CCAPP.EXE 884 N/A
hpgs2wnd.exe 3908 N/A
CZFMDxpk.exe 2488 N/A
rundll32.exe 3964 N/A
type32.exe 392 N/A
point32.exe 600 N/A
PSDiagnostic.exe 1620 N/A
iTunesHelper.exe 1644 N/A
qttask.exe 2220 N/A
hpwuSchd2.exe 1856 N/A
hpgs2wnf.exe 2404 N/A
ctfmon.exe 2448 N/A
iPodService.exe 2428 iPodService
msmsgs.exe 2436 N/A
wcescomm.exe 1016 N/A
atidtct.exe 2660 N/A
msnmsgr.exe 896 N/A
PlaxoHelper.exe 2356 N/A
GoogleToolbarNotifier.exe 2812 N/A
DLG.exe 288 N/A
hpqtra08.exe 3092 N/A
rapimgr.exe 3268 N/A
sqlmangr.exe 3284 N/A
hpqgalry.exe 3824 N/A
STATUS~1.EXE 3840 N/A
javaw.exe 2604 N/A
OUTLOOK.EXE 4992 N/A
WINWORD.EXE 4440 N/A
cidaemon.exe 3916 N/A
cidaemon.exe 3028 N/A
WCESMgr.exe 1748 N/A
mstsc.exe 292 N/A
iexplore.exe 2424 N/A
cmd.exe 4684 N/A
HPBPRO.EXE 5756 N/A
tasklist.exe 4908 N/A
wmiprvse.exe 1564 N/A
C:\Program Files\Support Tools>
Image Name PID Services
========================= ====== ==========================
System Idle Process 0 N/A
System 4 N/A
smss.exe 752 N/A
csrss.exe 824 N/A
winlogon.exe 848 N/A
services.exe 892 Eventlog, PlugPlay
lsass.exe 904 Netlogon, PolicyAgent, ProtectedStorage,
SamSs
svchost.exe 1116 DcomLaunch, TermService
svchost.exe 1180 RpcSs
svchost.exe 1320 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
ERSvc, EventSystem, helpsvc, HidServ,
lanmanserver, lanmanworkstation, Netman,
Nla, RasMan, Schedule, seclogon, SENS,
SharedAccess, ShellHWDetection, srservice,
TapiSrv, Themes, TrkWks, w32time, winmgmt,
wuauserv
svchost.exe 1360 Dnscache
svchost.exe 1580 LmHosts, RemoteRegistry, SSDPSRV, WebClient
CCSETMGR.EXE 1740 ccSetMgr
SNDSrvc.exe 1756 SNDSrvc
SPBBCSvc.exe 1776 SPBBCSvc
CCEVTMGR.EXE 1828 ccEvtMgr
WLTRYSVC.EXE 1976 wltrysvc
BCMWLTRY.EXE 1992 N/A
spoolsv.exe 192 Spooler
scardsvr.exe 232 SCardSvr
AluSchedulerSvc.exe 732 Automatic LiveUpdate Scheduler
BAsfIpM.exe 812 BAsfIpM
cisvc.exe 868 cisvc
Czfmdser.exe 120 CZFMDSER.EXE
ETCNet2Services.exe 1168 ETC PCTime Service (NTP) (Ver:4.0.1.9.0.1),
ETCBootpService (Ver:4.0.1.9.0.1)
Iap.exe 1264 Iap
inetinfo.exe 1300 IISADMIN, W3SVC
MDM.EXE 1464 MDM
sqlservr.exe 1508 MSSQL$SHOWSIM
NicConfigSvc.exe 1720 NICCONFIGSVC
NPFMNTOR.EXE 1920 NPFMntor
nvsvc32.exe 1936 NVSvc
HPZipm12.exe 2024 Pml Driver HPZ12
svchost.exe 372 stisvc
symlcsvc.exe 492 Symantec Core LC
wdfmgr.exe 540 UMWdf
WebUpdateSvc.exe 1436 WebUpdate
exmgmt.exe 2056 MSExchangeMGMT
wmiprvse.exe 2612 N/A
alg.exe 2968 ALG
explorer.exe 3108 N/A
svchost.exe 3752 HTTPFilter
jusched.exe 2572 N/A
quickset.exe 1784 N/A
WLTRAY.EXE 172 N/A
DVDLauncher.exe 2560 N/A
tfswctrl.exe 3872 N/A
CCAPP.EXE 884 N/A
hpgs2wnd.exe 3908 N/A
CZFMDxpk.exe 2488 N/A
rundll32.exe 3964 N/A
type32.exe 392 N/A
point32.exe 600 N/A
PSDiagnostic.exe 1620 N/A
iTunesHelper.exe 1644 N/A
qttask.exe 2220 N/A
hpwuSchd2.exe 1856 N/A
hpgs2wnf.exe 2404 N/A
ctfmon.exe 2448 N/A
iPodService.exe 2428 iPodService
msmsgs.exe 2436 N/A
wcescomm.exe 1016 N/A
atidtct.exe 2660 N/A
msnmsgr.exe 896 N/A
PlaxoHelper.exe 2356 N/A
GoogleToolbarNotifier.exe 2812 N/A
DLG.exe 288 N/A
hpqtra08.exe 3092 N/A
rapimgr.exe 3268 N/A
sqlmangr.exe 3284 N/A
hpqgalry.exe 3824 N/A
STATUS~1.EXE 3840 N/A
javaw.exe 2604 N/A
OUTLOOK.EXE 4992 N/A
WINWORD.EXE 4440 N/A
cidaemon.exe 3916 N/A
cidaemon.exe 3028 N/A
WCESMgr.exe 1748 N/A
mstsc.exe 292 N/A
iexplore.exe 2424 N/A
cmd.exe 4684 N/A
HPBPRO.EXE 5756 N/A
tasklist.exe 4908 N/A
wmiprvse.exe 1564 N/A
C:\Program Files\Support Tools>
ASKER
I do notice a service called ETCNet2Services.exe 1168 ETC PCTime Service (NTP) (Ver:4.0.1.9.0.1. This is interesting, it is part of a package I use to program Electronic Theater Controls DMX networks. I will look into this as well.
Thanks,
Blaine
Thanks,
Blaine
THIS MUST BE THE LINE:
svchost.exe 1320 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
ERSvc, EventSystem, helpsvc, HidServ,
lanmanserver, lanmanworkstation, Netman,
Nla, RasMan, Schedule, seclogon, SENS,
SharedAccess, ShellHWDetection, srservice,
TapiSrv, Themes, TrkWks, w32time, winmgmt,
wuauserv
notice "w32time"? it is a service. PLEASE PLEASE do the following: click "start" -> "run" -> "services.msc" and then the services list. click on the column "status" to sort it and see all running services. watch out for a service named similar to "windows time". stop it. doubleclick on it and select as auto-start the option "disable". i dont know why you have this running, i told you in my FIRST TWO comments to look out for that. it is a service which coninously uses the time of some server in the internet to accurately set your local time (which is totally needless for almost all home users).
but maybe THAT service works alright and your "ETCNet2Services.exe" is misbehaving. this one is also a service, so watch out the services list also for this one to stop it and then to disable it (disabling it means it wont be started by windows ever again). normally services that dont come with windows dont have any description, so you should find this one easily.
there are also a lot of other services running which you will probably never need in your life - lets care for them after we solved the time issue, ok?
svchost.exe 1320 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
ERSvc, EventSystem, helpsvc, HidServ,
lanmanserver, lanmanworkstation, Netman,
Nla, RasMan, Schedule, seclogon, SENS,
SharedAccess, ShellHWDetection, srservice,
TapiSrv, Themes, TrkWks, w32time, winmgmt,
wuauserv
notice "w32time"? it is a service. PLEASE PLEASE do the following: click "start" -> "run" -> "services.msc" and then the services list. click on the column "status" to sort it and see all running services. watch out for a service named similar to "windows time". stop it. doubleclick on it and select as auto-start the option "disable". i dont know why you have this running, i told you in my FIRST TWO comments to look out for that. it is a service which coninously uses the time of some server in the internet to accurately set your local time (which is totally needless for almost all home users).
but maybe THAT service works alright and your "ETCNet2Services.exe" is misbehaving. this one is also a service, so watch out the services list also for this one to stop it and then to disable it (disabling it means it wont be started by windows ever again). normally services that dont come with windows dont have any description, so you should find this one easily.
there are also a lot of other services running which you will probably never need in your life - lets care for them after we solved the time issue, ok?
ASKER
I just gave you the points you have definitely earned. After seeing the ETC NTP Service, I decided to set it to manual and stopped it. I left the machine running overnight, and it is still showing the correct time. The reason I did not take your advice on the w32time service is because I do want my machine to be in sync with the two DCs we have in our network environment. You had me do the tasklist before, but for some reason I did not see the NTP associated with the ETC service. Sorry to make you work so hard. I should have paid better attention. I just did not realize that there was an NTP service running with ETC, so I have emailed their software engineering department to see what is actually serving the time for them. Again, I can't tell you how much I appreciate your help on this. I am interested in learning more about the services I ". . .will probably never need. . ." in my life.
THANKS!!!
Blaine
THANKS!!!
Blaine
glad we finally found out :)
> svchost.exe 1116 DcomLaunch, TermService
"TermService" gives people from outside the the possibility to login via telnet. this is rather hazardous and i bet you dont need anyone to be able to login to your computer.
> svchost.exe 1320 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
> ERSvc, EventSystem, helpsvc, HidServ,
> lanmanserver, lanmanworkstation, Netman,
> Nla, RasMan, Schedule, seclogon, SENS,
> SharedAccess, ShellHWDetection, srservice,
> TapiSrv, Themes, TrkWks, w32time, winmgmt,
> wuauserv
"Dhcp" is only needed if youre in a network which constantly changes. in most cases you dont need it. "Schedule" is only needed if you use the windows scheduler to perform tasks at given times. i never use that - do you? "seclogon" gives you the possibility to logon as a second user while already being logged on. either this is the so-called xp feature "fast user switching" or it means the possibility to use "run as" for starting a program under another account. both cases are needed very seldom.
> svchost.exe 1580 LmHosts, RemoteRegistry, SSDPSRV, WebClient
"RemoteRegistry" gives poeple from outside the chance to access (and modify) your registry. very dangerous! never fully understand what "WebClient" is, but it never hit me disabling it. sounds a bit like a useless frontpage thing.
> SNDSrvc.exe 1756 SNDSrvc
> SPBBCSvc.exe 1776 SPBBCSvc
> WRYSVC.EXE 1976 wltrysvc
> BAsfIpM.exe 812 BAsfIpM
> NicConfigSvc.exe 1720 NICCONFIGSVC
> HPZipm12.exe 2024 Pml Driver HPZ12
> wdfmgr.exe 540 UMWdf
> WebUpdateSvc.exe 1436 WebUpdate
dont know them.
consider all services mentioned to set to disabled. you have to search for their display name a bit, you can orientate on the current status "running". for the services i dont know: try to review the manuals to the corresponding software, if its really needed to have all those services running. in most cases theyre only always running to recognize hot-plugged devices via usb or else. but if you have no problems with your computer regarding performance you may dont care about all that of course ;-)
> svchost.exe 1116 DcomLaunch, TermService
"TermService" gives people from outside the the possibility to login via telnet. this is rather hazardous and i bet you dont need anyone to be able to login to your computer.
> svchost.exe 1320 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
> ERSvc, EventSystem, helpsvc, HidServ,
> lanmanserver, lanmanworkstation, Netman,
> Nla, RasMan, Schedule, seclogon, SENS,
> SharedAccess, ShellHWDetection, srservice,
> TapiSrv, Themes, TrkWks, w32time, winmgmt,
> wuauserv
"Dhcp" is only needed if youre in a network which constantly changes. in most cases you dont need it. "Schedule" is only needed if you use the windows scheduler to perform tasks at given times. i never use that - do you? "seclogon" gives you the possibility to logon as a second user while already being logged on. either this is the so-called xp feature "fast user switching" or it means the possibility to use "run as" for starting a program under another account. both cases are needed very seldom.
> svchost.exe 1580 LmHosts, RemoteRegistry, SSDPSRV, WebClient
"RemoteRegistry" gives poeple from outside the chance to access (and modify) your registry. very dangerous! never fully understand what "WebClient" is, but it never hit me disabling it. sounds a bit like a useless frontpage thing.
> SNDSrvc.exe 1756 SNDSrvc
> SPBBCSvc.exe 1776 SPBBCSvc
> WRYSVC.EXE 1976 wltrysvc
> BAsfIpM.exe 812 BAsfIpM
> NicConfigSvc.exe 1720 NICCONFIGSVC
> HPZipm12.exe 2024 Pml Driver HPZ12
> wdfmgr.exe 540 UMWdf
> WebUpdateSvc.exe 1436 WebUpdate
dont know them.
consider all services mentioned to set to disabled. you have to search for their display name a bit, you can orientate on the current status "running". for the services i dont know: try to review the manuals to the corresponding software, if its really needed to have all those services running. in most cases theyre only always running to recognize hot-plugged devices via usb or else. but if you have no problems with your computer regarding performance you may dont care about all that of course ;-)