DATE CHANGING IN WIN 7 pro new install even with MB 3.0 running

[Kurttb1]

Recently started building new computer- New harddrive,installed  Win7pro sp1 which shows it is activated and genuine. HOWEVER,

The date on my computer has been changing.   I initially noticed this when I was trying to find out why MB 3. was saying it wasn't up to date or I wasn't fully protected.  I have figured if it was a bug MB 3. would have found it by now since I've been running the computer and setting the time back or up to correct it 5 or 6 times now.  And in the meantime MB 3. shows I am fully protected and there are no issues found.  I started looking for other possible problems since I am more of a novice at computer stuff, and thought maybe problem is in my OS.  So far I have also found that Windows update is not working.   Anyway downloaded that Atomic Clock thing from Cnet and evidently the windows time service was not running cause the program didn't stop anything I keep going thru the process and it did say it started the time service so I have only a vague Idea of what all this techinically does.  To make a long story short seems like if the time issue was a bug or is a bug if it continues then MB3. is not catching it.  And if anyone can help with the windows update problem ..that would be great... I am somewhat past the attempt to install the stand alone windows installer which seemed to STALL and never get past looking for updates on my computer, even after 35 minutes, it said it might take 15min so I planned on that however after 35 I figured I need to find something different or redo or reinstall OS and start over or something??? any ideas would be great, Thanks Kurt

[Ried]

Hello Kurttb1

I'm not sure how much I can help with Windows issues as this area is about Malwarebytes 3.0 issues (we may need some Windows Experts to jump in here), but I'll take a look and see if I can spot anything.

1. First thing to check is the computer time as set in the BIOS - is that set correctly?

2. What are your Clock settings set to sync to? Click on the clock and select 'Change date and time settings..' Click the Internet Time tab. What do you see there?

3. Is the Windows Time service running? Click Start > Run and type the following into the Run box and click OK

services.msc

The services are listed alphabetically - look for Windows Time. What is the state?

Next, the following scanner will not make any changes to your machine on its own, nor will it divulge any personal information that may compromise your security.

  Please download Farbar Recovery Scan Tool from here http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ and save it to your desktop.

Note: You need to run the version compatible with your system

  **After you click the Download Now 64-bit, or the Download Now 32-bit, another page will open -- DO NOT CLICK ANY ADDITIONAL 'download now' buttons, just wait and look toward the bottom of your browser for the option to Run or Save. Click Save.

•Double-click to run it. When the tool opens click Yes to the disclaimer.

Note: If you are prompted by Windows SmartScreen, click More info followed by Run anyway.

•Click the Scan button.

•When the scan has finished, it will make a log (FRST.txt) in the same directory the tool is run. Please attach the FRST.txt in your reply.

•The first time the tool is run, it also creates another log named Addition.txt. Please attach that to your next reply as well.

 

[Firefox]

Just to chime in about the time changing on the computer....

How old is the CMOS battery on the motherboard?  If the battery is dead or too old then that explains the time changing on the computer.  Also if the date and time is not correct it can affect windows updates as well.

[Kurttb1]

Gosh that computer must have headers...and slicks..

Thanks for chiming in,    Brand new motherboard. Finally got the updates to working after fighting with trying to figure out why my DATES were changing.   At this point I am considering the culprit was a virus considering THE TIME always stayed correct.  I remember a pop-up coming up (in the midst of installing various programs) which wanted me to change my time updating service to something, don't remember much but I denied it.  Anyway as I was trying to figure out update problems ran into something called a "Prefetch" folder in windows which had a future date on the folder and inside was more future dates  AND this other folder SoftwareDistribution with a future date and inside of that was a file called windowsupdater which turns off or on windows update.   I changed both main files to PrefetchOLD and Software DistributionOLD.   I don't really know if this done anything because it was awhile later that I found out I had to download a cumulative Stack file for Win 7 before I could run the stand alone updater which in turn would get windows reg update up and running.   If anyone knows anything about this I'm all ears.  I think there is a virus, worm, or trojan that MB3 isn't catching BUT I could be wrong, nothing new 4 me since I am somewhat paranoid when it comes to malware, etc..

[Kurttb1]

Lisa,   it may be a little late to run farbar since I have got updates working.  However will have to wait awhile to see if the dates change again. IF so will do the farbar log.

[Ried]

Please run the Farbar log anyway.

[Kurttb1]

Ok Lisa,  you talked me into it, might as well see what other issues this farbar can dig up since I am halfway in the dark about all the goings on inside my computer.

 

Here is the attached files,   btw  I do appreciate all the help! :-)

FRST.txt

Addition.txt

Edited December 15, 2016 by Kurttb1

[Kurttb1]

Lisa, Do you think I need to reinstall from scratch?

[Ried]

Take a look at the Addition.txt and scroll down to the area of Event log errors.  You have problems with WMI, Acronis, Bonjour.  Do they warrant starting over? That would be a personal choice and you would need further guidance from Windows Experts here.

What I can tell you is that I do not see any infection in the logs. 

[Kurttb1]

LISA, hold on to your chair !!!  just kidding but I did have something virus, worm, web backdoor, what ever and the person actually took over my administrator account and limited my ability to change anything including the "internet time sync"  So I decided it was too much for me to handle and started over.   This time I used a Windows disc I purchased from Zoftar for another computer I have.   I used the program to install professional but the disc would have installed any of the Win 7 OSes.   I started off with a different computer name and admin name and then after downloading all updates, Norton Internet security, I changed the names back to the original and activated Windows.   My POINT is that YES I did have a BIG HUGE problem and MB3 did not do anything to tell me about it or anything to keep it from taking over my computer.  Another thing, I noticed was after installing the OS on a brand new Corsair SSD different from the first Kingston I installed on and getting everything somewhat secure with Norton and MB3 I decided to attach the first SSD and erase it.  I plugged it in, started my computer and it flashed up a pop-up saying I had to hit the button to see the disc or something like that, this happen on the first SSD Kingston AND on my Seagate 4TB second HD,  both did the flash up on the screen.   I immediately went to control panel etc.. and reformatted both disks, removed the partitions and then recreated new partitions.  I read about a new USB hack which can take over some of your computer even if it is locked, read about this on intel's forum, called "poison (something)" .  Anyway AGAIN I HAD A PROBLEM..  MB3  had no clue what I was dealing with and always showed my computer as AWESOME, except when the date changed then it said MB3 was not up to date.    So far I am having good luck.. and I did change my admin password to 13 characters, I guess that is above normal but If they have a computer to search or go thru numbers figured the longer the better.  CAN Malwarebytes SEE that something besides the administrator is doing things in the computer and warn you??  or better yet stop it and plug up the hole?  No offense to anyone here, just telling you my experience.

[Kurttb1]

P.S. another thing I noticed was that when I created a restore point and then looked at the list of restore points I saw that my computer had created a restore point which was on Dec, 29th 2017,  the correct date would have been Dec 17th, 2017   Anyway I created another restore point trying to override the one on the 29th and could not do that because the new restore point listed under the 29th which always stayed as the latest restore point.  I guess that way if anyone restore the computer they would most likely restore into the wrong date and or at least get the same bug, virus or whatever it was.  I would like to know.... what someone here at the forum says this was.   Thanks again, Kurt

[TempLost]

6 hours ago, Kurttb1 said:

LISA, hold on to your chair !!!  just kidding but I did have something virus, worm, web backdoor, what ever and the person actually took over my administrator account and limited my ability to change anything including the "internet time sync"  So I decided it was too much for me to handle and started over.   This time I used a Windows disc I purchased from Zoftar for another computer I have.   I used the program to install professional but the disc would have installed any of the Win 7 OSes.   I started off with a different computer name and admin name and then after downloading all updates, Norton Internet security, I changed the names back to the original and activated Windows.   My POINT is that YES I did have a BIG HUGE problem and MB3 did not do anything to tell me about it or anything to keep it from taking over my computer.  Another thing, I noticed was after installing the OS on a brand new Corsair SSD different from the first Kingston I installed on and getting everything somewhat secure with Norton and MB3 I decided to attach the first SSD and erase it.  I plugged it in, started my computer and it flashed up a pop-up saying I had to hit the button to see the disc or something like that, this happen on the first SSD Kingston AND on my Seagate 4TB second HD,  both did the flash up on the screen.   I immediately went to control panel etc.. and reformatted both disks, removed the partitions and then recreated new partitions.  I read about a new USB hack which can take over some of your computer even if it is locked, read about this on intel's forum, called "poison (something)" .  Anyway AGAIN I HAD A PROBLEM..  MB3  had no clue what I was dealing with and always showed my computer as AWESOME, except when the date changed then it said MB3 was not up to date.    So far I am having good luck.. and I did change my admin password to 13 characters, I guess that is above normal but If they have a computer to search or go thru numbers figured the longer the better.  CAN Malwarebytes SEE that something besides the administrator is doing things in the computer and warn you??  or better yet stop it and plug up the hole?  No offense to anyone here, just telling you my experience.

I had never heard of Zoftar but a quick Google search throws up some concerns about them. Are you sure that disk is legit? 

[Kurttb1]

Well Templost,   I've never had any problem with their products. I realize they are not running with the big dogs sorta speak but as far as I know there have been no virus, malware, bloatware etc in the recover disks they can supply.   I know they do not supply or sell windows Key, you have to already have one for your computer in order to activate.

[Ried]

What infection was it?  Details would help.

[Kurttb1]

Lisa I have no idea the name of what I had.  All I can tell someone is the characteristics of what I saw happening as I continued to try and track down why my DATE (not hour) kept changing.   Looks to me though it must have been some kind of ransomware the way it started to shut down areas of my computer such as the internet time sync and then later the pop up when I tried to reattach initial OS  SSD and my storage HD.  As I said it also made a restore point which was post dated to the 29th of December.  I am worried  that this might be sneaking in with Acronis or Goodsync 2 programs I use which I have not installed yet.. and somewhat scared to,  however,  I just got one of those Orico external HD clone setups which is supposed to make an image or exact copy from one hard drive to the other.  My first time doing this so I might be crying later.

[Kurttb1]

After REnewed win 7 installation, everything is going ok until I install Acronis next day I have a "date Change" , "Malwarebytes saying it is not up to date" -this most likely due to the date changed forward.  """"""" Malwarebytes needs to recognize a date change by some self contained internal mechanism to check against the computer date, this guard could Flag or trigger MB that a ransomware issue was taking place.  Also not realizing my computer date was changed, I installed windows updates not realizing the date was set forward... and the computer made restore points on the future date.  Is there a way to eliminate ALL restore points,  when disk cleanup removes old restore points does it look at the actual date of the restore points to say this restore point was made last?  If so then the computer never could not remove the future dated restore point until the computer actually got to that date. 

 

SO NOW,  I was fortunate I did have an ACronis back-up which I made the minute after I installed Acronis which I am hoping is not infected but I seriously doubt it considering what I am seeing,  evidently this malware, virus, worm, trojan, or Kosack is riding on the back of a legit program and not triggering anything.  I am still waiting for someone to tell me what it is.   ALSO  Waiting for  MB4  ZOMBIE KILLER. lol

[Kurttb1]

1/2/2017 With MB3 installed had a "date change from 1/2/2017 >>1/3/2017   and system made a restore point for the 1/3/2017 date

I could not use system restore .. it wouldn't revert.  So I had to recover using acronis.  So far I am ok but have kept network off nearly all day.  Also just changed my win7password again.   See new Thread, guess that's what you call it  :  SEE>>>   Date Hack