Volume control possessed!! Christmas edition

Discussion in 'Malware and Virus Removal Archive' started by quirkymac, 2006/12/24.

Thread Status:
Not open for further replies.
  1. 2006/12/24
    quirkymac

    quirkymac Inactive Thread Starter

    Joined:
    2006/09/07
    Messages:
    196
    Likes Received:
    0
    Well here I am at my family's place for what I thought was a free meal but alas no! They have a problem on their computer that has me stumped!

    Their volume control seems to be possessed....there is no volume unless you go in and manually increase the volume but as soon as you let go of the slider it slowly creeps back down to zero....very strange.

    My thought process on this is that it is either
    1. a malware/virus that is trying to be funny
    2. a keyboard error on their multimedia keyboard that has the volume decrease button stuck

    HJT log to follow just in case it is a malware issue...any other ideas or suggestions welcomed!
    Thanks
    Tony
    AND MERRY CHRISTMAS EVERYONE!!!
     
  2. 2006/12/24
    quirkymac

    quirkymac Inactive Thread Starter

    Joined:
    2006/09/07
    Messages:
    196
    Likes Received:
    0
    Logfile of HijackThis v1.99.1
    Scan saved at 4:34:14 PM, on 25/12/2006
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\ANTIVIR PERSONALEDITION CLASSIC\SCHEDM.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
    C:\PROGRAM FILES\ANTIVIR PERSONALEDITION CLASSIC\AVGCTRL.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\HJT\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe
    O4 - HKLM\..\Run: [Update Local] C:\Windows\SETCPQLC.EXE
    O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
    O4 - HKLM\..\Run: [avgctrl] "C:\Program Files\AntiVir PersonalEdition Classic\avgctrl.exe" /min
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [schedm] "C:\Program Files\AntiVir PersonalEdition Classic\schedm.exe "
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra button: OzEmail - {FBCFF92E-2877-4C76-B30C-CC9714D5FA1F} - http://www.ozemail.com.au (file missing) (HKCU)
    O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.ozemail.com.au
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/uk/win/QuickTimeInstaller.exe
    O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab
     

  4. 2006/12/25
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Hello and welcome to WindowsBBS Forums.

    And Merry Christmas too.

    I'm only seeing one item of a suspicious nature, an ActiveX component. And I doubt it is causing your volume problem, but let's fix it and see what happens.

    Open Hijackthis, select the [Do a system scan only] button and look over the following entries I have listed, check the boxes [] next to them and press the [Fix Checked] button. When you are doing this, make sure you have No IE windows, nor any other browsers open, including this one. Reboot if I have specified below, and post a fresh HijackThis log.

    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe

    Reboot, run HJT, if the above are gone, no need to repost with new log.


    Have you run chkdsk or scanreg utilities to try and correct things?
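
An added example (not part of the thread and not HijackThis's own code): a minimal parser for the log format posted above. It lists the O16 "DPF" ActiveX download entries, the kind of item flagged in this reply, and the O4 autostart entries whose executable is absent from the running-process list. The sample lines are excerpted from the log above; the function names are illustrative assumptions.

```python
import re
from collections import defaultdict

# Lines excerpted from the log posted in this thread (truncated URL kept as posted).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE

O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe
O4 - HKLM\..\Run: [Update Local] C:\Windows\SETCPQLC.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/uk/win/QuickTimeInstaller.exe
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")            # section code, e.g. O4, O16, R1
DPF = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\})(?: \((.*?)\))? - (\S+)$")
RUN = re.compile(r"^(\S+): \[(.*?)\] (.*)$")           # key: [value name] command
EXE = re.compile(r'([^\\/"]+?\.exe)\b', re.I)          # file name of the executable

def parse_hjt(text):
    """Return (running process paths, {section code: [entry details]})."""
    procs, entries, in_procs = [], defaultdict(list), False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "Running processes:" or (in_procs and not line):
            in_procs = bool(line)      # header opens the list, a blank line closes it
        elif in_procs:
            procs.append(line)
        elif (m := ENTRY.match(line)):
            entries[m.group(1)].append(m.group(2))
    return procs, entries

def dpf_entries(entries):
    """O16 entries as dicts: CLSID, optional control name, download URL."""
    hits = (DPF.match(d) for d in entries.get("O16", []))
    return [dict(zip(("clsid", "name", "url"), m.groups())) for m in hits if m]

def autoruns_not_running(procs, entries):
    """O4 registry autostarts whose executable is not among the running processes."""
    running = {p.rsplit("\\", 1)[-1].lower() for p in procs}
    missing = []
    for detail in entries.get("O4", []):
        m = RUN.match(detail)
        exe = EXE.search(m.group(3)) if m else None
        if exe and exe.group(1).lower() not in running:
            missing.append((m.group(1), m.group(2), m.group(3)))
    return missing
```

An autostart entry that is not running may simply have done its work and exited, so the second list is a starting point for review rather than a verdict.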
     
  5. 2006/12/26
    Bill Castner

    Bill Castner Inactive

    Joined:
    2006/08/30
    Messages:
    1,980
    Likes Received:
    0
    Sndvol.exe, the application that shows the notification tray volume icon, is a GUI interface into the System Volume control. Any changes made there or directly in the System Volume property are reflected in either case: http://www.microsoft.com/resources/...all/proddocs/en-us/app_vol_ctrl.mspx?mfr=true

    Applications have APIs available to adjust the sound volume for any stream they host.

    Sndvol then adjusts the system volume as appropriate. Since the scale of settings is from 0 (mute) to 1 (Full), the interaction between the System Level Volume setting and an application stream setting is:

    System setting * application settings through APIs = final slider setting.

    For example, if your System Level is .5, and you adjust through an application the level at .8, the slider shown in Sndvol gets moved to .4. Remember that these are decibel adjustments, and not truly linear, although Sndvol tried.

    That was the basics until XP with Service Pack 2. XP SP2 introduced a new object, a linear tapered control, and its Sndvol.exe uses this new API. Older applications not written for this change are likely the cause of the issue you are experiencing: http://download.microsoft.com/download/e/b/a/eba1050f-a31d-436b-9281-92cdfeae4b45/VolTable.doc

    Look for chat, IM, DVD playback, radio applications, and any sound related application that hosts its own slider. By using this session control, depending on the API used by the application, the System level shown by the Volume icon can be adjusted exactly as you describe.

    Formally, any application that wants to do this should host its own device. Open the Volume Control and click Options, Properties. If you see only one entry for your sound device, and no other devices, the application is at least in a strictly formal sense poorly written. For its own purposes it should have added a session level device for sound and other adjustments. And made adjustments only to that device.
     
    Last edited: 2006/12/26
  6. 2007/01/05
    quirkymac

    quirkymac Inactive Thread Starter

    Joined:
    2006/09/07
    Messages:
    196
    Likes Received:
    0
    Bill, I followed your links (and logic) but discovered along the way it is a known problem with one of the sound drivers. M/Soft have posted a fix for 98 and 2000 but not for Win ME...it is a registry fix to do with hardware volume control the listed solution doesn't work for ME for some reason. I will keep looking to see if I can find a fix. Even without any other applications running if we pull the volume slider to the top (ie full volume) on the taskbar you can watch it slowly but surely click downwards back to zero volume. Therefore I reason that it is not as a result of two programs competing or colluding to adjust the volume.

    TeMerc....thanks for pointing those nasties out....I am not going to be near that computer for another couple of days but once I get to it I will do the fixes as suggested and post an update.

    The volume problem came about after an issue where the audio and graphics drivers both got corrupted somehow, when the users reloaded the audio driver that is when the volume started its slippery slide downwards.

    Thanks,
    QK.
     
  7. 2007/01/05
    Bill Castner

    Bill Castner Inactive

    Joined:
    2006/08/30
    Messages:
    1,980
    Likes Received:
    0
    Could you post the Microsoft KB article you discussed?

    One concern is that Microsoft has patched its sound related drivers repeatedly. On XP the last set was October, 2006.

    I find it hard to believe that a workstation connected to Windows Update would require a registry change.

    But I sincerely believe you. If I read the article it might tickle something for me as to a possible resolution. As far as I know the APIs used by ME for this service are not that much different than the XP version (pre-Service Pack 2), at least as part of the Windows Foundation Class library.

    In any case I think you can be assured it is not malware.

    Best regards.
    Bill
     
  8. 2007/01/06
    quirkymac

    quirkymac Inactive Thread Starter

    Joined:
    2006/09/07
    Messages:
    196
    Likes Received:
    0
    Thanks for the reply. I am just about to go and have another stab at this issue and yes, I will dig up the MS KB in question and post it.
    Would it be appropriate to move this thread to another forum to keep things tidy?
    QK.
     
  9. 2007/01/06
    quirkymac

    quirkymac Inactive Thread Starter

    Joined:
    2006/09/07
    Messages:
    196
    Likes Received:
    0
  10. 2007/01/07
    Bill Castner

    Bill Castner Inactive

    Joined:
    2006/08/30
    Messages:
    1,980
    Likes Received:
    0
    ESS Technologies 1989 sound card driver.
    This is an issue with the ESS Technologies reference driver.

    If you are using an ESS 1989 driver, make sure you have the last update: http://www.motherboard.cz/sound/ess.htm

    But check to see what sound card you in fact are using. The MS KB article is specific in that the issue is only with one reference driver release. And you do not want to install an ESS driver if you do not have an ESS sound device.
     
  11. 2007/01/07
    quirkymac

    quirkymac Inactive Thread Starter

    Joined:
    2006/09/07
    Messages:
    196
    Likes Received:
    0
    Thanks for the reply Bill. Yes, they certainly have the ESS 1989 sound card/combo on their computer - therefore there was method in my madness in referencing that particular gem in the KB ;-)

    The problem appeared to be from the computer having a couple of versions of the ESS driver on it and Windows was always wanting to use the later version. In the end I forced it to use the older driver and the issue is now completely resolved.

    Thanks for your and TeMerc's help, you can go ahead and close this thread.

    Thanks again for this wonderful resource!
    Tony.
     
  12. 2007/01/07
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Glad we could be of assistance.

    Due to resolution this topic is closed.

    If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.
     