What is Centinel VxD?

[seamus8u]

Hopefully this isn't a bug; hoping it's part of the Panda IS that I just installed. It popped up, when I was shutting down, as a "not responding". If it is part of my Panda I was curious why it would be non-responsive. If I'm not even close then just inform me of how silly my question is and use the back of your hand on me. What is Centinel VxD? Thanks for the help!

 

[Byteman]

Hi, Are you sure there is a C at the start of the filename, not an S? sentinel.vxd is a legitimate part of some Windows hardware drivers....such as a dongle driver, for a program called Sentinel System Drivers, pretty sure you would know if you had this....and, if your spelling IS correct, yes centinel.vxd is part of an antivirus program
See here in list of processes that the Optix trojan worm looks for and will stop from running:

http://securityresponse.symantec.com/avcenter/venc/data/backdoor.optix.05.html

So, it is most likely a good file- I have no idea why it would have stopped responding, by any chance are you running more than one antivirus program??

 

[seamus8u]

Logfile of HijackThis v1.97.7
Scan saved at 9:23:45 PM, on 4/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Platinum Internet Security\pavsrv51.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Panda Software\Panda Platinum Internet Security\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Platinum Internet Security\SRVLOAD.EXE
C:\Program Files\Panda Software\Panda Platinum Internet Security\WebProxy.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe
C:\Program Files\Ahead\nero\nero.exe
C:\WINDOWS\System32\imapi.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us6.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://srch-us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\HP DVD\Umbrella\DVDTray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [netsrvi] C:\WINDOWS\System32\netsrvi.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\pchbutton.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda platinum internet security\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda platinum internet security\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda platinum internet security\pavlsp.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/registration/2_0_0_755/sdcregie.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2B4F4FA8-814A-11D7-B31B-0002A500B281} (FASetupStart Control) - http://a2.ff.fullaudio.com.edgesuite.net/f/2/8819/1d/software.fullaudio.com/sbc/3.0.0.40/setup.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} (RegConfig Class) - http://download.yahoo.com/dl/installs/bkm/prod/yregcfg.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://download.yahoo.com/dl/mail/ac4sbc.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - http://www.stamps.com/download/us/cab/stamps/stamps.cab?r=0.409881591796875&file=stamps.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe

 

[seamus8u]

There it is...there's my life! I feel naked now! Any issues?

 

[Byteman]

Checking.....nothing really I can tell without doing some searching, the one entry

O4 - HKLM\..\Run: [netsrvi] C:\WINDOWS\System32\netsrvi.exe

Please, do not fix anything yet!!!

netsrvi.exe looks really suspicious, and I get no hits with Google, except for a recent post on another forum that shows some infections, so it may be something new, I hope not tho.

edit: the "Unknown" LSPfile pavlsp.dll is Panda Titanium 2004, so do NOT let anyone tell you to fix it!!!!!!!

 

[Byteman]

Hi, You'll probably hear from someone about the amazing amount of things you have running at startup....things like Nero burning software and half the Hp entries do not need to be going all the time and there are others. I gotta get some sleep, so you may have other responses.... zzzzzzzzzzz.

 

[seamus8u]

Now my Internet connection won't work unless I disable my Panda firewall. That bytes! What would make that happen?

 

[seamus8u]

Never mind about that firewall thingy, I forgot to configure when I installed. Doi! I used my search engine and found netsrvi.exe on computer cops. Someone else had posted it on their HJT report. Maybe that's the one you saw. Slightly strange that those are the only two places to have seen that file. On mine and one other persons. I disabled it from the startup...I use AceUtilities and it even informed me that it was strange. Ace told me to check the path for that file(netsrvi.exe). Pavfires.exe is using 13000k of memory...I don't know what that is. explorer.exe is using 15200k...not sure what that means. My browser is using 45100k memory...does that matter? I've had issues with my computer being slow also that's the only reason I mention those things. I've posted three other similar posts here. Any more help would obviously be helpful!

 

[cybertech]

Pavfires is Panda antivirus sw.

 

[Byteman]

Hi, Yes, the netsrvi.exe is either a brand new legitimate file or a malware... too soon to tell I suppose, but others may have ways to learn more about it, and there are places you can submit it for an "exam" that might get it included in detections in various types of malware spotters, a/virus programs, etc....
Let me see if I can round up some places for you to send a zipped copy of the file to the experts, OK?

I will put an EDIT into this thread, not a new reply....

http://www.lavahelp.com/submit/index.html

http://submit.lavahelp.com/
Either one may or may not work.....

http://www.kaspersky.com/remoteviruschk.html

Please post if you need help submitting the file.

make sure you have "Show all files" enabled!
Also make sure you have "Hide file extensions for known file types" not checked (disabled) in Windows Explorer
View or Tools tab settings on any WExplorer window....so you can find, and make sure of the exact filename.

 

[Larespo1]

Hi, Are you sure there is a C at the start of the filename, not an S? sentinel.vxd is a legitimate part of some Windows hardware drivers....such as a dongle driver, for a program called Sentinel System Drivers, pretty sure you would know if you had this....and, if your spelling IS correct, yes centinel.vxd is part of an antivirus program
See here in list of processes that the Optix trojan worm looks for and will stop from running:

http://securityresponse.symantec.com/avcenter/venc/data/backdoor.optix.05.html

So, it is most likely a good file- I have no idea why it would have stopped responding, by any chance are you running more than one antivirus program??

Thanks for the reassurance. I uninstalled and reinstalled the Panda Internet Securities and the famous box with Centinel VxD went bye bye.
Also, sent a brief note to the Panda -- they need to know when they put people out with their products.

 

[yolipook]

Hopefully this isn't a bug; hoping it's part of the Panda IS that I just installed. It popped up, when I was shutting down, as a "not responding". If it is part of my Panda I was curious why it would be non-responsive. If I'm not even close then just inform me of how silly my question is and use the back of your hand on me. What is Centinel VxD? Thanks for the help!

Okay, so what was the verdict on this. My computer keeps freezing up and when I try to restart I get that same message. Is it a Panda thing? It's only been recently that I noticed it maybe last week or so. Thanks for any info!

 

[tristesobre]

Hey there.


In your panda antivirus software, try disable floppy disc scan when shutting down the computer. Should be an option somewhere.
Might solve your problem.

 

[joyartful]

i wrote to Panda about this Centinel Vxd thing because i was getting the error messager described here each time i powered down my computer..Panda replied by saying that the VxD file is the file for the icon in the system tray & that the error indicates that that file is "bad or corrupted"...they instructed me to uninstall & reinstall. I did so & Centinel ,thus far, has disappeared .[ good riddance,..i thought it was a trojan ]

 

[Byteman]

Hi, Thanks for giving us the info about clearing up the error