1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

What is Centinel VxD?

Discussion in 'Virus & Other Malware Removal' started by seamus8u, Apr 20, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. seamus8u

    seamus8u Thread Starter

    Joined:
    Apr 20, 2004
    Messages:
    121
    Hopefully this isn't a bug; hoping it's part of the Panda IS that I just installed. It popped up, when I was shutting down, as a "not responding". If it is part of my Panda I was curious why it would be non-responsive. If I'm not even close then just inform me of how silly my question is and use the back of your hand on me. What is Centinel VxD? Thanks for the help!
     
  2. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, Are you sure there is a C at the start of the filename, not an S? sentinel.vxd is a legitimate part of some Windows hardware drivers....such as a dongle driver, for a program called Sentinel System Drivers, pretty sure you would know if you had this....and, if your spelling IS correct, yes centinel.vxd is part of an antivirus program
    See here in list of processes that the Optix trojan worm looks for and will stop from running:

    http://securityresponse.symantec.com/avcenter/venc/data/backdoor.optix.05.html

    So, it is most likely a good file- I have no idea why it would have stopped responding, by any chance are you running more than one antivirus program??
     
  3. seamus8u

    seamus8u Thread Starter

    Joined:
    Apr 20, 2004
    Messages:
    121
    Logfile of HijackThis v1.97.7
    Scan saved at 9:23:45 PM, on 4/20/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\HP DVD\Umbrella\DVDTray.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Panda Software\Panda Platinum Internet Security\pavsrv51.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Panda Software\Panda Platinum Internet Security\AVENGINE.EXE
    C:\Program Files\Panda Software\Panda Platinum Internet Security\SRVLOAD.EXE
    C:\Program Files\Panda Software\Panda Platinum Internet Security\WebProxy.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe
    C:\Program Files\Ahead\nero\nero.exe
    C:\WINDOWS\System32\imapi.exe
    C:\Program Files\Yahoo!\browser\ybrowser.exe
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us6.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://srch-us6.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
    O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
    O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DVDTray] C:\Program Files\HP DVD\Umbrella\DVDTray.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum Internet Security\Inicio.exe"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [netsrvi] C:\WINDOWS\System32\netsrvi.exe
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\pchbutton.exe
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: Yahoo! Login (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda platinum internet security\pavlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda platinum internet security\pavlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda platinum internet security\pavlsp.dll
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/registration/2_0_0_755/sdcregie.cab
    O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
    O16 - DPF: {2B4F4FA8-814A-11D7-B31B-0002A500B281} (FASetupStart Control) - http://a2.ff.fullaudio.com.edgesuite.net/f/2/8819/1d/software.fullaudio.com/sbc/3.0.0.40/setup.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} (RegConfig Class) - http://download.yahoo.com/dl/installs/bkm/prod/yregcfg.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://download.yahoo.com/dl/mail/ac4sbc.cab
    O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - http://www.stamps.com/download/us/cab/stamps/stamps.cab?r=0.409881591796875&file=stamps.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
     
  4. seamus8u

    seamus8u Thread Starter

    Joined:
    Apr 20, 2004
    Messages:
    121
    There it is...there's my life! I feel naked now! Any issues?
     
  5. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Checking.....nothing really I can tell without doing some searching, the one entry

    O4 - HKLM\..\Run: [netsrvi] C:\WINDOWS\System32\netsrvi.exe

    Please, do not fix anything yet!!!

    netsrvi.exe looks really suspicious, and I get no hits with Google, except for a recent post on another forum that shows some infections, so it may be something new, I hope not tho.

    edit: the "Unknown" LSPfile pavlsp.dll is Panda Titanium 2004, so do NOT let anyone tell you to fix it!!!!!!!
     
  6. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, You'll probably hear from someone about the amazing amount of things you have running at startup....things like Nero burning software and half the Hp entries do not need to be going all the time and there are others. I gotta get some sleep, so you may have other responses.... zzzzzzzzzzz.
     
  7. seamus8u

    seamus8u Thread Starter

    Joined:
    Apr 20, 2004
    Messages:
    121
    Now my Internet connection won't work unless I disable my Panda firewall. That bytes! What would make that happen?
     
  8. seamus8u

    seamus8u Thread Starter

    Joined:
    Apr 20, 2004
    Messages:
    121
    Never mind about that firewall thingy, I forgot to configure when I installed. Doi! I used my search engine and found netsrvi.exe on computer cops. Someone else had posted it on their HJT report. Maybe that's the one you saw. Slightly strange that those are the only two places to have seen that file. On mine and one other persons. I disabled it from the startup...I use AceUtilities and it even informed me that it was strange. Ace told me to check the path for that file(netsrvi.exe). Pavfires.exe is using 13000k of memory...I don't know what that is. explorer.exe is using 15200k...not sure what that means. My browser is using 45100k memory...does that matter? I've had issues with my computer being slow also that's the only reason I mention those things. I've posted three other similar posts here. Any more help would obviously be helpful!
     
  9. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,113
    Pavfires is Panda antivirus sw.
     
  10. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, Yes, the netsrvi.exe is either a brand new legitimate file or a malware... too soon to tell I suppose, but others may have ways to learn more about it, and there are places you can submit it for an "exam" that might get it included in detections in various types of malware spotters, a/virus programs, etc....
    Let me see if I can round up some places for you to send a zipped copy of the file to the experts, OK?

    I will put an EDIT into this thread, not a new reply....

    http://www.lavahelp.com/submit/index.html

    http://submit.lavahelp.com/
    Either one may or may not work.....

    http://www.kaspersky.com/remoteviruschk.html

    Please post if you need help submitting the file.

    make sure you have "Show all files" enabled!
    Also make sure you have "Hide file extensions for known file types" not checked (disabled) in Windows Explorer
    View or Tools tab settings on any WExplorer window....so you can find, and make sure of the exact filename.
     
  11. Larespo1

    Larespo1

    Joined:
    May 29, 2004
    Messages:
    1
    Thanks for the reassurance. I uninstalled and reinstalled the Panda Internet Securities and the famous box with Centinel VxD went bye bye.
    Also, sent a brief note to the Panda -- they need to know when they put people out with their products.
     
  12. yolipook

    yolipook

    Joined:
    Jun 3, 2004
    Messages:
    1
    Okay, so what was the verdict on this. My computer keeps freezing up and when I try to restart I get that same message. Is it a Panda thing? It's only been recently that I noticed it maybe last week or so. Thanks for any info! :eek:
     
  13. tristesobre

    tristesobre

    Joined:
    Jul 30, 2004
    Messages:
    1
    Hey there.


    In your panda antivirus software, try disable floppy disc scan when shutting down the computer. Should be an option somewhere.
    Might solve your problem.


    :eek:
     
  14. joyartful

    joyartful

    Joined:
    Nov 14, 2004
    Messages:
    2
    i wrote to Panda about this Centinel Vxd thing because i was getting the error messager described here each time i powered down my computer..Panda replied by saying that the VxD file is the file for the icon in the system tray & that the error indicates that that file is "bad or corrupted"...they instructed me to uninstall & reinstall. I did so & Centinel ,thus far, has disappeared .[ good riddance,..i thought it was a trojan ]
     
  15. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, Thanks for giving us the info about clearing up the error (y)
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/222306

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice