Conexant PCI Soft Data Fax Modem with SmartCP



#1 Brian Busche

Posted 10 April 2010 - 09:48 AM

On my Windows XP SP2 computer from Gateway, I was browsing my c:\WINDOWS folder the other day and I noticed a modem log file. I don't have a modem, so I read through it and found that a Conexant "soft modem" had been installed and appears to make a connection every night. Here is an example of the modem log file...

04-10-2010 06:50:21.884 - File: C:\WINDOWS\system32\tapisrv.dll, Version 5.1.2600
04-10-2010 06:50:21.884 - File: C:\WINDOWS\system32\unimdm.tsp, Version 5.1.2600
04-10-2010 06:50:21.884 - File: C:\WINDOWS\system32\unimdmat.dll, Version 5.1.2600
04-10-2010 06:50:21.884 - File: C:\WINDOWS\system32\uniplat.dll, Version 5.1.2600
04-10-2010 06:50:22.087 - File: C:\WINDOWS\system32\drivers\modem.sys, Version 5.1.2600
04-10-2010 06:50:22.087 - File: C:\WINDOWS\system32\modemui.dll, Version 5.1.2600
04-10-2010 06:50:22.087 - File: C:\WINDOWS\system32\mdminst.dll, Version 5.1.2600
04-10-2010 06:50:22.087 - Modem type: PCI Soft Data Fax Modem with SmartCP
04-10-2010 06:50:22.087 - Modem inf path: oem4.inf
04-10-2010 06:50:22.087 - Modem inf section: ModemX
04-10-2010 06:50:22.087 - Matching hardware ID: pci\ven_14f1&dev_2f20&subsys_200014f1
04-10-2010 06:50:22.587 - 115200,8,N,1, ctsfl=1, rtsctl=2
04-10-2010 06:50:22.587 - Initializing modem.
04-10-2010 06:50:22.587 - DSR is low while initializing the modem. Verify modem is turned on.
04-10-2010 06:50:22.603 - Send: AT<cr>
04-10-2010 06:50:22.603 - Recv: <cr><lf>OK<cr><lf>
04-10-2010 06:50:22.603 - Interpreted response: OK
04-10-2010 06:50:22.618 - Send: AT&FE0V1S0=0&C1&D2+MR=2;+DR=1;+ER=1;W2<cr>
04-10-2010 06:50:22.759 - Recv: <cr><lf>OK<cr><lf>
04-10-2010 06:50:22.759 - Interpreted response: OK
04-10-2010 06:50:22.775 - Send: ATS7=60S30=0L1M1+ES=3,0,2;+DS=3;+IFC=2,2;X4<cr>
04-10-2010 06:50:22.775 - Recv: <cr><lf>OK<cr><lf>
04-10-2010 06:50:22.775 - Interpreted response: OK
04-10-2010 06:50:22.775 - Waiting for a call.
04-10-2010 06:50:22.775 - Send: at+vcid=1<cr>
04-10-2010 06:50:22.775 - Recv: <cr><lf>OK<cr><lf>
04-10-2010 06:50:22.775 - Interpreted response: OK
04-10-2010 06:50:22.790 - Send: ATS0=0<cr>
04-10-2010 06:50:22.790 - Recv: <cr><lf>OK<cr><lf>
04-10-2010 06:50:22.790 - Interpreted response: OK

I uninstalled the Conexant Soft modem and was shocked to see it had re-installed itself the next day. There is a setupapi.log that sits in the c:\WINDOWS folder, which seems to verify this behavior....

[SetupAPI Log]
OS Version = 5.1.2600 Service Pack 2
Platform ID = 2 (NT)
Service Pack = 2.0
Suite = 0x0100
Product Type = 1
Architecture = x86
[2010/04/10 06:43:16 956.3 Driver Install]
#-019 Searching for hardware ID(s): pci\ven_14f1&dev_2f20&subsys_200014f1&rev_00,pci\ven_14f1&dev_2f20&subsys_200014f1,pci\ven_14f1&dev_2f20&cc_078000,pci\ven_14f1&dev_2f20&cc_0780
#-018 Searching for compatible ID(s): pci\ven_14f1&dev_2f20&rev_00,pci\ven_14f1&dev_2f20,pci\ven_14f1&cc_078000,pci\ven_14f1&cc_0780,pci\ven_14f1,pci\cc_078000,pci\cc_0780
#-198 Command line processed: C:\WINDOWS\system32\services.exe
#I393 Modified INF cache "C:\WINDOWS\inf\INFCACHE.1".
#I022 Found "PCI\VEN_14F1&DEV_2F20&SUBSYS_200014F1" in C:\windows\i386\DRV\MOD\pdrslsm5k.inf; Device: "PCI Soft Data Fax Modem with SmartCP"; Driver: "PCI Soft Data Fax Modem with SmartCP"; Provider: "CXT"; Mfg: "CXT"; Section name: "ModemX".
#I023 Actual install section: [ModemX.NT]. Rank: 0x00000001. Effective driver date: 03/18/2005.
#-166 Device install function: DIF_SELECTBESTCOMPATDRV.
#I063 Selected driver installs from section [ModemX] in "c:\windows\i386\drv\mod\pdrslsm5k.inf".
#I320 Class GUID of device remains: {4D36E96D-E325-11CE-BFC1-08002BE10318}.
#I060 Set selected driver.
#I058 Selected best compatible driver.
#-166 Device install function: DIF_INSTALLDEVICEFILES.
#I124 Doing copy-only install of "PCI\VEN_14F1&DEV_2F20&SUBSYS_200014F1&REV_00\4&1E46F438&0&00F0".
#-166 Device install function: DIF_REGISTER_COINSTALLERS.
#I056 Coinstallers registered.
#-166 Device install function: DIF_INSTALLINTERFACES.
#-011 Installing section [ModemX.NT.Interfaces] from "c:\windows\i386\drv\mod\pdrslsm5k.inf".
#I054 Interfaces installed.
#-166 Device install function: DIF_INSTALLDEVICE.
#I123 Doing full install of "PCI\VEN_14F1&DEV_2F20&SUBSYS_200014F1&REV_00\4&1E46F438&0&00F0".
#I121 Device install of "PCI\VEN_14F1&DEV_2F20&SUBSYS_200014F1&REV_00\4&1E46F438&0&00F0" finished successfully.

If this isn't a virus, it's ethically questionable at the very least. I have run several anti-virus and spyware removal programs and they find nothing wrong with my machine. Perhaps this is something that Gateway installs, but I fear it could be something more nefarious.
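
An added example, not part of the original post: a Python check that tokenizes the "Send:" lines of a modem log in the format shown above and reports only the AT commands that place or accept a call (D, A, or S0 set above 0). The sample lines are copied from the post; the dial line, the phone number and the function names are hypothetical.

```python
import re

# Constructed sample: "Send:" lines copied from the modem log in the post, plus
# one hypothetical dial line (kept separate) that does NOT appear in the post.
POSTED_LOG = """\
04-10-2010 06:50:22.603 - Send: AT<cr>
04-10-2010 06:50:22.618 - Send: AT&FE0V1S0=0&C1&D2+MR=2;+DR=1;+ER=1;W2<cr>
04-10-2010 06:50:22.775 - Send: ATS7=60S30=0L1M1+ES=3,0,2;+DS=3;+IFC=2,2;X4<cr>
04-10-2010 06:50:22.775 - Waiting for a call.
04-10-2010 06:50:22.775 - Send: at+vcid=1<cr>
04-10-2010 06:50:22.790 - Send: ATS0=0<cr>
"""
HYPOTHETICAL_DIAL = "04-11-2010 02:00:00.000 - Send: ATDT5550100<cr>\n"

SEND = re.compile(r"^(\S+ \S+) - Send: AT(.*?)<cr>\s*$", re.IGNORECASE)
# One AT command per match: +extended, &-prefixed, S-register, dial string, basic.
TOKEN = re.compile(r"\+[A-Z]+(?:=[^;]*)?;?|&[A-Z]\d*|S\d+(?:=\d+|\?)?|D.*|[A-Z]\d*")

def tokenize(body):
    """Split the text after 'AT' into commands, so '&D2' is not read as a dial 'D'."""
    return TOKEN.findall(body.upper())

def call_activity(log_text):
    """Return (timestamp, kind, command) for commands that place or accept a call."""
    hits = []
    for line in log_text.splitlines():
        m = SEND.match(line)
        if not m:
            continue  # not a command sent to the modem
        stamp, body = m.groups()
        for tok in tokenize(body):
            if tok.startswith("D"):
                hits.append((stamp, "dial", tok))         # ATD...: outbound call
            elif tok == "A":
                hits.append((stamp, "answer", tok))       # ATA: answer now
            elif re.fullmatch(r"S0=\d+", tok) and int(tok[3:]) > 0:
                hits.append((stamp, "auto-answer", tok))  # answer after N rings
    return hits

if __name__ == "__main__":
    print(call_activity(POSTED_LOG))
    print(call_activity(POSTED_LOG + HYPOTHETICAL_DIAL))
```

On the lines copied from the post the function returns an empty list: those commands reset and configure the modem and end with S0=0, which turns auto-answer off. Only the hypothetical dial line is reported.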
