C:\Windows\winsxs\amd64_microsoft-windows-time-service_31bf3856ad364e35_6.1.7600.16385_none_e49c555686fbabd6\w32time.dll
Might have to change owner to get it.
Weird Shortcut in C: (snqn) and suspected Ramnit?
Started by
roadran
, Mar 10 2012 09:35 AM
#91
Posted 16 March 2012 - 11:56 AM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
C:\Windows\winsxs\amd64_microsoft-windows-time-service_31bf3856ad364e35_6.1.7600.16385_none_e49c555686fbabd6\w32time.dll
Might have to change owner to get it.
#92
Posted 16 March 2012 - 12:08 PM
roadran
- Topic Starter
-
- Member
-
- 142 posts
Member
Yes I did, but alast, nothing.
#93
Posted 16 March 2012 - 03:39 PM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
Right click on Computer and select Manage then Services and Applications and then Services. Find Windows Time if it is there. Right click on it and select Properties then:
Is there a Display Name? Should say:
Windows Time
Is there a description? It should say:
Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path to Executable:
C:\Windows\system32\svchost.exe -k LocalService
Service Status:
Started
On the Logon page:
Check: This Account
It should say Local Service. Even if it does, Change it to:
NT AUTHORITY\LocalService
Delete the two password entries
Then Apply. (It should change back to Local Service and readd the passwords.) It should tell you it will take effect after you restart the service.
Go back to the General page and Stop the service then Start the service.
Report any errors you get.
Is there a Display Name? Should say:
Windows Time
Is there a description? It should say:
Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path to Executable:
C:\Windows\system32\svchost.exe -k LocalService
Service Status:
Started
On the Logon page:
Check: This Account
It should say Local Service. Even if it does, Change it to:
NT AUTHORITY\LocalService
Delete the two password entries
Then Apply. (It should change back to Local Service and readd the passwords.) It should tell you it will take effect after you restart the service.
Go back to the General page and Stop the service then Start the service.
Report any errors you get.
#94
Posted 16 March 2012 - 05:43 PM
roadran
- Topic Starter
-
- Member
-
- 142 posts
Member
No errors other than the usual "Settings can't be saved" Do you want me to run SFC to check the files?
#95
Posted 16 March 2012 - 07:01 PM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
When exactly do you get the Savings can't be Saved? Was then when you were in the Services Menu or when you tried to set the time?
You can run SFC anytime.
You can run SFC anytime.
#96
Posted 16 March 2012 - 07:05 PM
roadran
- Topic Starter
-
- Member
-
- 142 posts
Member
When i try to sync.
#97
Posted 16 March 2012 - 07:17 PM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
Try Process Monitor again. This time before you save it, set a filter :
Filter, Filter, change Architecture to Path. Change Is to Contains. Type in Time in the next box. Include stays the same. Hit Add then Apply and OK.
That should just leave the critical lines in the file and make it easier to read. Then Save, click Events displayed..
CSV, OK
Filter, Filter, change Architecture to Path. Change Is to Contains. Type in Time in the next box. Include stays the same. Hit Add then Apply and OK.
That should just leave the critical lines in the file and make it easier to read. Then Save, click Events displayed..
CSV, OK
#100
Posted 17 March 2012 - 12:12 AM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
SFC said it repaired our friend w32time.dll:
2012-03-16 21:19:40, Info CSI 000002ef [SR] Repairing 1 components
2012-03-16 21:19:40, Info CSI 000002f0 [SR] Beginning Verify and Repair transaction
2012-03-16 21:19:40, Info CSI 000002f1 [SR] Cannot repair member file [l:22{11}]"w32time.dll" of Microsoft-Windows-Time-Service, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2012-03-16 21:19:40, Info CSI 000002f2 [SR] Repaired file \SystemRoot\WinSxS\Manifests\\[l:22{11}]"w32time.dll" by copying from backup
2012-03-16 21:19:40, Info CSI 000002f3 Repair results created:
POQ 124 starts:
0: Create File: File = [l:242{121}]"\SystemRoot\WinSxS\amd64_microsoft-windows-time-service_31bf3856ad364e35_6.1.7600.16385_none_e49c555686fbabd6\w32time.dll", Attributes = 00000080
1: Move File: Source = [l:166{83}]"\SystemRoot\WinSxS\Temp\PendingRenames\080ea306dc03cd0118370000ec0bf00f.w32time.dll", Destination = [l:242{121}]"\SystemRoot\WinSxS\amd64_microsoft-windows-time-service_31bf3856ad364e35_6.1.7600.16385_none_e49c555686fbabd6\w32time.dll"
Don't suppose it made any difference.
Odd thing I see in your ProcessMon log is that it look in Syswow64 and in System (not System32) before finding it in Windows.
Mine just looks in System32. I will try to get my friend with a 64 bit system to do the same thing and send me the log.
The other thing I see is what looks like a write to the CMOS to set the time there. That may be where it is failing since the writes to the registry all look good.
Can you boot into the BIOS setup and set the time manually? Does it take?
2012-03-16 21:19:40, Info CSI 000002ef [SR] Repairing 1 components
2012-03-16 21:19:40, Info CSI 000002f0 [SR] Beginning Verify and Repair transaction
2012-03-16 21:19:40, Info CSI 000002f1 [SR] Cannot repair member file [l:22{11}]"w32time.dll" of Microsoft-Windows-Time-Service, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2012-03-16 21:19:40, Info CSI 000002f2 [SR] Repaired file \SystemRoot\WinSxS\Manifests\\[l:22{11}]"w32time.dll" by copying from backup
2012-03-16 21:19:40, Info CSI 000002f3 Repair results created:
POQ 124 starts:
0: Create File: File = [l:242{121}]"\SystemRoot\WinSxS\amd64_microsoft-windows-time-service_31bf3856ad364e35_6.1.7600.16385_none_e49c555686fbabd6\w32time.dll", Attributes = 00000080
1: Move File: Source = [l:166{83}]"\SystemRoot\WinSxS\Temp\PendingRenames\080ea306dc03cd0118370000ec0bf00f.w32time.dll", Destination = [l:242{121}]"\SystemRoot\WinSxS\amd64_microsoft-windows-time-service_31bf3856ad364e35_6.1.7600.16385_none_e49c555686fbabd6\w32time.dll"
Don't suppose it made any difference.
Odd thing I see in your ProcessMon log is that it look in Syswow64 and in System (not System32) before finding it in Windows.
Mine just looks in System32. I will try to get my friend with a 64 bit system to do the same thing and send me the log.
The other thing I see is what looks like a write to the CMOS to set the time there. That may be where it is failing since the writes to the registry all look good.
Can you boot into the BIOS setup and set the time manually? Does it take?
#101
Posted 18 March 2012 - 09:19 AM
roadran
- Topic Starter
-
- Member
-
- 142 posts
Member
Yes, I can change it in the BIOS manually.
#102
Posted 18 March 2012 - 12:22 PM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
I assume this is the Sony Vgn-nw265f we are working on. Go to
http://esupport.sony...=3#/downloadTab
Under Motherboard should be two entries.
Intel® 5 Series 6 Port SATA AHCI Controller / ICH9M-E/M SATA AHCI Controller Driver Update
and
Intel® Chipset Driver
See if you can download, save and install (right click and run as admin) either or both of them.
Ron
PS. We are going on a trip tomorrow. Won't get back until Friday. Will take my computer but don't know if I will have web access or not so replies may be slow.
http://esupport.sony...=3#/downloadTab
Under Motherboard should be two entries.
Intel® 5 Series 6 Port SATA AHCI Controller / ICH9M-E/M SATA AHCI Controller Driver Update
and
Intel® Chipset Driver
See if you can download, save and install (right click and run as admin) either or both of them.
Ron
PS. We are going on a trip tomorrow. Won't get back until Friday. Will take my computer but don't know if I will have web access or not so replies may be slow.
#103
Posted 18 March 2012 - 03:54 PM
roadran
- Topic Starter
-
- Member
-
- 142 posts
Member
Have fun on your vacation1 
I installed them... No affect what so ever.
I installed them... No affect what so ever.
#104
Posted 19 March 2012 - 01:44 AM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
Go in to regedit to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time
and anywhere you see
@%SystemRoot%\system32\w32time.dll
change it to
@%SystemRoot%\w32time.dll (if there is more info on the line that should stay the same)
Also check HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time
and anywhere you see
@%SystemRoot%\system32\w32time.dll
change it to
@%SystemRoot%\w32time.dll (if there is more info on the line that should stay the same)
Also check HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
