# What is Centinel VxD?



## seamus8u (Apr 20, 2004)

Hopefully this isn't a bug; hoping it's part of the Panda IS that I just installed. It popped up, when I was shutting down, as a "not responding". If it is part of my Panda I was curious why it would be non-responsive. If I'm not even close then just inform me of how silly my question is and use the back of your hand on me. What is Centinel VxD? Thanks for the help!


----------



## Byteman (Jan 24, 2002)

Hi, Are you sure there is a C at the start of the filename, not an S? sentinel.vxd is a legitimate part of some Windows hardware drivers....such as a dongle driver, for a program called Sentinel System Drivers, pretty sure you would know if you had this....and, if your spelling IS correct, yes centinel.vxd is part of an antivirus program
See here in list of processes that the Optix trojan worm looks for and will stop from running:

http://securityresponse.symantec.com/avcenter/venc/data/backdoor.optix.05.html

So, it is most likely a good file- I have no idea why it would have stopped responding, by any chance are you running more than one antivirus program??


----------



## seamus8u (Apr 20, 2004)

Logfile of HijackThis v1.97.7
Scan saved at 9:23:45 PM, on 4/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Platinum Internet Security\pavsrv51.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Panda Software\Panda Platinum Internet Security\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Platinum Internet Security\SRVLOAD.EXE
C:\Program Files\Panda Software\Panda Platinum Internet Security\WebProxy.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe
C:\Program Files\Ahead\nero\nero.exe
C:\WINDOWS\System32\imapi.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us6.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://srch-us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\HP DVD\Umbrella\DVDTray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [netsrvi] C:\WINDOWS\System32\netsrvi.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\pchbutton.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda platinum internet security\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda platinum internet security\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda platinum internet security\pavlsp.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/registration/2_0_0_755/sdcregie.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2B4F4FA8-814A-11D7-B31B-0002A500B281} (FASetupStart Control) - http://a2.ff.fullaudio.com.edgesuite.net/f/2/8819/1d/software.fullaudio.com/sbc/3.0.0.40/setup.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} (RegConfig Class) - http://download.yahoo.com/dl/installs/bkm/prod/yregcfg.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://download.yahoo.com/dl/mail/ac4sbc.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - http://www.stamps.com/download/us/cab/stamps/stamps.cab?r=0.409881591796875&file=stamps.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe


----------



## seamus8u (Apr 20, 2004)

There it is...there's my life! I feel naked now! Any issues?


----------



## Byteman (Jan 24, 2002)

Checking.....nothing really I can tell without doing some searching, the one entry

O4 - HKLM\..\Run: [netsrvi] C:\WINDOWS\System32\netsrvi.exe

Please, do not fix anything yet!!!

netsrvi.exe looks really suspicious, and I get no hits with Google, except for a recent post on another forum that shows some infections, so it may be something new, I hope not tho.

edit: the "Unknown" LSPfile pavlsp.dll is Panda Titanium 2004, so do NOT let anyone tell you to fix it!!!!!!!


----------
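Added example, not part of any post in this thread: a small parser that applies the triage discussed above to HijackThis output, queuing the `netsrvi` Run entry for research and attributing the "Unknown" Winsock LSP file to the product folder it lives in. The sample lines are copied from the log posted above; the function names and the System32 heuristic are assumptions of this example.

```python
import re

# Constructed sample: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [netsrvi] C:\WINDOWS\System32\netsrvi.exe
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda platinum internet security\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda platinum internet security\pavlsp.dll
"""

RUN_RE = re.compile(r'^O4 - \S+: \[([^\]]+)\] "?([^"]+?\.(?:exe|dll))', re.I)
LSP_RE = re.compile(r'^O10 - Unknown file in Winsock LSP: (.+)$', re.I)

def folder(path):
    return path.rsplit("\\", 1)[0]

def parse(log):
    """Return (running process paths, Run entries, LSP file -> occurrence count)."""
    running, runs, lsps, in_procs = set(), [], {}, False
    for line in (raw.strip() for raw in log.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif in_procs:
            if line:
                running.add(line.lower())
            else:
                in_procs = False  # blank line ends the process list
        elif m := RUN_RE.match(line):
            runs.append((m.group(1), m.group(2).lower()))
        elif m := LSP_RE.match(line):
            lsps[m.group(1).lower()] = lsps.get(m.group(1).lower(), 0) + 1
    return running, runs, lsps

def triage(log):
    running, runs, lsps = parse(log)
    # Assumed heuristic: a Run value pointing at a file directly in System32 goes on
    # the research queue (look the name up, submit the file); it is not a verdict.
    research = [(n, p) for n, p in runs if folder(p).endswith("\\system32")]
    # An "Unknown" LSP file is attributed to an installed product when it sits in
    # the same folder as a running process, as pavlsp.dll does with Panda here.
    product_dirs = {folder(p) for p in running}
    attributed = {p: n for p, n in lsps.items() if folder(p) in product_dirs}
    return research, attributed

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
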



## Byteman (Jan 24, 2002)

Hi, You'll probably hear from someone about the amazing amount of things you have running at startup....things like Nero burning software and half the HP entries do not need to be going all the time and there are others. I gotta get some sleep, so you may have other responses.... zzzzzzzzzzz.


----------



## seamus8u (Apr 20, 2004)

Now my Internet connection won't work unless I disable my Panda firewall. That bytes! What would make that happen?


----------



## seamus8u (Apr 20, 2004)

Never mind about that firewall thingy, I forgot to configure when I installed. Doi! I used my search engine and found netsrvi.exe on computer cops. Someone else had posted it on their HJT report. Maybe that's the one you saw. Slightly strange that those are the only two places to have seen that file. On mine and one other person's. I disabled it from the startup...I use AceUtilities and it even informed me that it was strange. Ace told me to check the path for that file (netsrvi.exe). Pavfires.exe is using 13000k of memory...I don't know what that is. explorer.exe is using 15200k...not sure what that means. My browser is using 45100k memory...does that matter? I've had issues with my computer being slow also; that's the only reason I mention those things. I've posted three other similar posts here. Any more help would obviously be helpful!


----------



## cybertech (Apr 16, 2002)

Pavfires is Panda antivirus sw.


----------



## Byteman (Jan 24, 2002)

Hi, Yes, the netsrvi.exe is either a brand new legitimate file or a malware... too soon to tell I suppose, but others may have ways to learn more about it, and there are places you can submit it for an "exam" that might get it included in detections in various types of malware spotters, a/virus programs, etc.... 
Let me see if I can round up some places for you to send a zipped copy of the file to the experts, OK?

I will put an EDIT into this thread, not a new reply....

http://www.lavahelp.com/submit/index.html

http://submit.lavahelp.com/
Either one may or may not work.....

http://www.kaspersky.com/remoteviruschk.html

Please post if you need help submitting the file.

Make sure you have "Show all files" enabled!
Also make sure you have "Hide file extensions for known file types" not checked (disabled) in the Windows Explorer View or Tools tab settings on any WExplorer window....so you can find, and make sure of the exact filename.


----------



## Larespo1 (May 29, 2004)

Byteman said:


> Hi, Are you sure there is a C at the start of the filename, not an S? sentinel.vxd is a legitimate part of some Windows hardware drivers....such as a dongle driver, for a program called Sentinel System Drivers, pretty sure you would know if you had this....and, if your spelling IS correct, yes centinel.vxd is part of an antivirus program
> See here in list of processes that the Optix trojan worm looks for and will stop from running:
> 
> http://securityresponse.symantec.com/avcenter/venc/data/backdoor.optix.05.html
> ...


Thanks for the reassurance. I uninstalled and reinstalled the Panda Internet Securities and the famous box with Centinel VxD went bye bye.
Also, sent a brief note to the Panda -- they need to know when they put people out with their products.


----------



## yolipook (Jun 3, 2004)

seamus8u said:


> Hopefully this isn't a bug; hoping it's part of the Panda IS that I just installed. It popped up, when I was shutting down, as a "not responding". If it is part of my Panda I was curious why it would be non-responsive. If I'm not even close then just inform me of how silly my question is and use the back of your hand on me. What is Centinel VxD? Thanks for the help!


Okay, so what was the verdict on this. My computer keeps freezing up and when I try to restart I get that same message. Is it a Panda thing? It's only been recently that I noticed it maybe last week or so. Thanks for any info!


----------



## tristesobre (Jul 30, 2004)

Hey there.


In your Panda antivirus software, try disabling the floppy disc scan when shutting down the computer. Should be an option somewhere.
Might solve your problem.


----------



## joyartful (Nov 14, 2004)

I wrote to Panda about this Centinel VxD thing because I was getting the error message described here each time I powered down my computer. Panda replied by saying that the VxD file is the file for the icon in the system tray and that the error indicates that that file is "bad or corrupted"...they instructed me to uninstall and reinstall. I did so and Centinel, thus far, has disappeared. [Good riddance...I thought it was a trojan.]


----------



## Byteman (Jan 24, 2002)

Hi, Thanks for giving us the info about clearing up the error :up:


----------



## joyartful (Nov 14, 2004)

There may be an even easier fix...I noticed that the Centinel message comes up after the "scanning floppy drive" message appears...a friend of mine who has Panda simply unchecked the "scan floppy drive.." setting [in general settings] and the Centinel error disappeared...


----------



## rlw (Mar 12, 2005)

I've put Panda on 2 of my systems, the other 2 have NIS.
I've had to reinstall Panda on both systems already and now they both start coming up with the same *.vxd error you guys are talking about.

It is more than a corrupt file. It's a major security issue allowing this to occur.

I can assure you I will NOT be renewing this product when it expires. Not unless they start doing their jobs and stop blaming everything on "corrupt files".

The tech support "Indian" for NIS is slow and redundant but at least they don't blame everything on corrupt files.

This is BS you shouldn't have to keep installing a decent product every other month.


----------



## rambo678 (Nov 11, 2005)

I'm in complete agreement. I've had this error message for weeks now so hopefully the suggested fix will get rid of the problem. But I'm just getting sick and tired of the poor performance of Panda.... it eats up far too many resources. This morning it took almost 1 minute to open a 1-page Word document. When I investigated, Panda was taking up over 95% of system resources while Word was opening. I've got McAfee running on another machine.... no problems. I think I'll ditch Panda!


----------



## LALAKES (Aug 3, 2006)

I HAVE THE SAME PROBLEM. I BOUGHT IT IN OFFICE MAX MEXICO CITY. I REALLY HAVE A BAD TIME WITH THIS SOFTWARE, SOMETIMES I HAVE TO RESTART BECAUSE OF ALL THOSE WEIRDO WINDOWS!!! I REALLY WOULD NEVER RECOMMEND PANDA SOFTWARE. :down: CHEERS.


----------



## cybertech (Apr 16, 2002)

This thread is solved. I am closing it now; if you need it reopened, PM me or any other moderator.

Anyone with a similar problem *Please start a new thread!*


----------

