Windows 7 pro system being changed by application

oldtighthead
We have a desktop machine running Windows 7 Pro that keeps having its time changed to be 8 (approx) minutes later than it is. Update/sync time from the date/time toolbar, internet time, will bring the clock back in line; however, within 10 minutes or so the clock will revert. I've attached an event log to show this time travel.
So far today.
Changed CMOS battery and checked firmware revision, ok.
CMOS clock ( without running windows) happy to stay on time.
Upon running Windows for 10 minutes the system time AND CMOS time get changed backwards.
Corrected CMOS and ran Windows in safe mode... all is well.
I used an app called atomic to re-register the time service to no avail.
I've left the app running as it checks the correct time every 20 seconds.
This problem has been going on for a little while; however, it only screwed things up when it cancelled scheduled appointments when syncing Gmail appts with Outlook.
The machine sits in a workgroup with 3 other W7 boxes, all of which have the correct time, as does the Netgear router.
No service in the list shouts out as being the culprit, so the question, gentlemen/ladies, is: what has the wrong time and has the audacity to keep changing it?
The machine is protected by Malwarebytes Premium and Norton Internet Security; both are up to date.
Thanks.
Just discovered the .evtx file for the events is not an allowed attachment
Systems Administrator
Commented:
Try running msconfig

in startup tab disable all

in services tab hide all Microsoft services then disable all others.

Restart and see what happens

Could be a program running that is causing this to happen
What make and model is this computer?
Distinguished Expert 2018

Commented:
As time changes require administrative rights, it has to be something that you yourself run interactively with elevated rights or a service. The time changes will be logged, please quote the events, you don't need to upload the whole log.
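The logged time changes referred to above can be listed together with the process that made each one. This is an added example, not part of the original thread; it assumes success auditing for "Security State Change" is enabled so that Security event 4616 is recorded, and the one-day window and 60-second threshold are arbitrary choices.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt:
# reading the Security log requires administrative rights.
# Assumes event 4616 ("The system time was changed") is being audited.

function ConvertTo-UtcTime([string]$Stamp) {
    # Event XML carries 9 fractional digits; .NET DateTime holds 7, so trim first.
    $trimmed = $Stamp -replace '(\.\d{7})\d+', '$1'
    [datetime]::Parse($trimmed, [Globalization.CultureInfo]::InvariantCulture, [Globalization.DateTimeStyles]::AdjustToUniversal)
}

$since  = (Get-Date).AddDays(-1)   # look-back window (assumption, adjust as needed)
$filter = @{ LogName = 'Security'; Id = 4616; StartTime = $since }

$changes = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        $ev = $_
        # Read the EventData fields by name rather than by position.
        $data = @{}
        foreach ($d in ([xml]$ev.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }

        $old = ConvertTo-UtcTime $data['PreviousTime']
        $new = ConvertTo-UtcTime $data['NewTime']

        New-Object PSObject -Property @{
            Logged       = $ev.TimeCreated
            DeltaSeconds = [math]::Round(($new - $old).TotalSeconds, 1)
            Account      = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
            ProcessId    = $data['ProcessId']      # hexadecimal, as logged
            ProcessName  = $data['ProcessName']
        }
    }

# Large negative deltas are backwards jumps; sub-minute ones are ordinary sync corrections.
$changes | Where-Object { [math]::Abs($_.DeltaSeconds) -gt 60 } |
    Sort-Object Logged |
    Format-Table Logged, DeltaSeconds, Account, ProcessId, ProcessName -AutoSize

# Tally of which executables set the clock, most frequent first.
$changes | Group-Object ProcessName | Sort-Object Count -Descending |
    Select-Object Count, Name
```

A change made by the Windows Time service shows up under a shared svchost.exe process, so a third-party executable or service host in the ProcessName column is the entry to look at.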

Author

Commented:
please find attached log of an event taking the time backwards , further up the log are me resetting the time, so look at 14.14 going back to 14.02.

Thanks
C--Documents-and-Settings-Keith-Desktop-
Are you behind a server?

Can you click on start then type in run and open it. Then type in services.msc

Now scroll down to windows time. Is it set to automatic?
Thomas GrassiSystems Administrator

Commented:
Change from the Microsoft time server to

Pool.ntp.org

The error shows not connecting to time.windows.com

As joinaunion says above, are you connected to a server or is this standalone?

If connected to a server, then set up your server to be an NTP server, then point all computers to your server.

If standalone just change the time server to Pool.ntp.org

Author

Commented:
It is a standalone machine , Gigabyte ga970a DS3P with amd fx6300 proc. Will change time server as suggested to pool.ntp.org and check.

Thanks

Author

Commented:
Unable to start windows time service, error 1290 "other services in this process have an incompatible SID". Ran sfc /scannow.
Now cannot enable service as it is marked for deletion. ??

Author

Commented:
Hmnnn. Change service config failed 1022(?)
               Specified service has been marked for deletion

Author

Commented:
Closed services.msc and tried again , new error is

The specified service does not exist as an installed service.

Author

Commented:
Re-registered w32time     ok


Took ownership with sc command ok

Windows time service started     Yippee.

Updated time to pool.ntp.org........... An error occurred while Windows was synchronising.

A further message in the update time window stated
An error occurred getting the status of the last sync...... Access denied ?

Author

Commented:
just checked clock on system and it has lost 12 minutes since earlier this evening when it was correct. i'm on the machine remotely.
I think the issue is that you need to setup a static ip address.

http://www.pool.ntp.org/en/join.html
Your computer must have a static IP address and a permanent internet connection. It's very important that your IP address doesn't change or only does so extremely infrequently (say once a year or less). The required bandwidth is relatively low. Each client will only send a couple of UDP packets every few to every 20 minutes.

To setup static ip follow tutorial here then try again.
http://portforward.com/networking/static-win7.htm

Author

Commented:
ok i will try tomorrow.. why would the IP address issue be resolved when running in safe mode as i tested on tuesday ( safe mode with networking)
Are you behind a router?

If so what type and model?

Author

Commented:
Machine along with 3 others in the house are connected via a Netgear DGN 2200 on a permanent BT broadband. The other machines don't have a problem, the router time is correct, I can't find a box that has the wrong time!! The machine has had the same IP address for 4 days now. Could Norton or the router be blocking the time sync message? But that still leaves the question about the time being changed back within 30 minutes after being corrected. Weird.
Sorry, which model is it exactly? There are many 2200 models.
If it's possible can you please connect directly to your modem and then try getting the time again from the server.

Just for troubleshooting purposes.

Thanks
Sorry.

If after you connect to modem and it holds correct time then you need to setup a custom time server on your router if your model supports doing so.

You will do it like this http://documentation.netgear.com/fvs336g/enu/202-10257-01/FVS336G_RM-10-12.html

Here is where you will put in  pool.ntp.org

Now click apply and try again. I suggest rebooting computer after you make changes.

Author

Commented:
Just connected to modem it is a DGN2200 N300 as i said, running on V1.0.0.46.7.0.44. I went through the linked document and compared with the setup possibilities of the modem . There doesn't appear to be the option of setting up a ntp server on the modem.
So i'm stuck again.
A couple of things to try in the meantime. On the modem configure the following.
1. WAN Setup - Set NAT filtering to Open.

2. Enable UPnP

In the meantime I will continue to look into this. It looks as though you may need to set an inbound rule on the firewall.

Have you tried disabling the firewall and trying again. Firewall on modem.

Author

Commented:
Wan NAT filtering to open
Upnp already on.

Tried synching to time.windows but still error message.

Had to disable NAT filtering to disable firewall but immediately lost remote connection and i cannot re-connect, so i will not be able to restart router for another 8 hours ( 1 am this end)
Thomas GrassiSystems Administrator

Commented:
From your computer

cmd prompt

ping pool.ntp.org

tracert pool.ntp.org

Results?

Author

Commented:
Today I have replaced the Netgear router with a new TP-Link unit, the Netgear being a stop gap since the original was damaged by lightning some weeks ago. Be aware the time issue preceded the recent router swaps. I haven't had time to double check but I think, just think, that the time issue has been resolved!!! I will double check this later today (Sat). I didn't make any specific changes from the default settings on the TP-Link router for this issue as there wasn't time and the users were desperate to get on with their work etc.
I will report back. Ta

Author

Commented:
I spoke too soon, time reversion is still happening. I have time with the machine tomorrow (Mon) all day, main user playing golf.
The modem/router has been changed to a TP-link W8951 ND unit which does incidentally have a DMZ and time server function.

Meanwhile the tracert and ping of pool.ntp.org work OK from the machine. I'm hoping to be with the machine all day tomorrow and may well clean-ish boot with only Microsoft services enabled to see what the clock does. Any helpful suggestions for tomorrow will be most gratefully received. I've attached a text file from the event viewer from yesterday to depict the shenanigans.
Thanks
Keith
mainden.txt
Thomas GrassiSystems Administrator

Commented:
The event log shows successful time settings

If the computer's clock is reverting back to another time, you have something running on this computer that is conflicting.

Have you tried the msconfig instructions I posted before?

Author

Commented:
Will do the cleanish boot tomorrow and see how the clock performs
Can you confirm please setup of ntp is like this?
http://www.satsignal.eu/ntp/setup.html

Microsoft Visual C++ 2008 SP1 Redistributable Package (x86)  must be installed in order for ntp to function correctly.
http://www.microsoft.com/en-ca/download/details.aspx?id=5582

So basically Ntp is a visual c++ program and without the above link windows can't run Ntp without it.

Author

Commented:
Ran machine in clean boot mode for 2 hours this morning and the clock behaved itself. Rebooted with the Kineticd online backup services running and the clock was retarded by 11-12 minutes within 15 minutes. Rebooted without Kineticd services and once again the clock behaved itself. I have put the issue to Kineticd support and I am awaiting a response.
The online backup software makes sense given that it has the authority to change the clock, it has a continuous component running and it has an interest in system time/date when it comes to updated / updating files.

Thanks for all your efforts.

Keith
