What is "TDIHOOK service"? Thank you!

[rsong75]

Hi, I found this error message in my WINXP Event viewer: The TDIHOOK service failed to start due to the following error: The system cannot find the file specified.
So what's this service? How can I correct it?
My Winxp cannot shutdown, but instead restart. I think this maybe one of the reason. Is there any other posiibilities?
Thank you.

[NooNoo]

It does not appear in xp services I would treat this service with suspicion - http://housecall.antivirus.com do an online check that cannot be incapacitated.

[Platypus]

I concur, assuming you are running a firewall, you may have a problem which could be part of a hijack, preventing a TDI or NDIS filter-hook from loading could be an attack on a firewall.

If nothing shows up in malware checking, maybe try re-installing your firewall if you are using a third-party program. Or if this started happening after a specific operation on your system like a program installation or removal, system cleanup etc, maybe try a restore to a point prior to that occurrence.

[rsong75]

Sorry for the late reply and thank you NooNoo.
I scaned my computer and no virus found. By the way, I am using norton personal firewall 2003. Any other hints?

It does not appear in xp services I would treat this service with suspicion - http://housecall.antivirus.com do an online check that cannot be incapacitated.

[rsong75]

Sorry for the late reply and thank you Platypus.
Seems it's hard for me to determine which is the cause. From what you said, an attack on my firewall is most possible. This error report happens each time I shut down my winxp.

I concur, assuming you are running a firewall, you may have a problem which could be part of a hijack, preventing a TDI or NDIS filter-hook from loading could be an attack on a firewall.

If nothing shows up in malware checking, maybe try re-installing your firewall if you are using a third-party program. Or if this started happening after a specific operation on your system like a program installation or removal, system cleanup etc, maybe try a restore to a point prior to that occurrence.

[NooNoo]

Please post a list of your processes.

[rsong75]

Hi, NooNoo, the processes of my computer are:
iexplore.exe
taskmgr.exe
msgsys.exe
nvsvc32.exe
matlab.exe
rtvscan.exe
matlabserver.exe
defwatch.exe
ccPxySvc.exe
alg.exe
spoolsv.exe
NISUM.EXE
ccEvtMgr.exe
explorer.exe
svchost.exe (system)
svchost.exe (local service)
svchost.exe(network service)
svchost.exe(system)
svchost.exe(system)
lsass.exe
service.exe
winlogon.exe
csrss.exe
smss.exe
ctfmon.exe
ccApp.exe
Ad-watch.exe
vptray.exe
rundll32.exe
system
system idle process

Thank you.

Please post a list of your processes.

[NooNoo]

Nothing out of the ordinary there. I could well be that Norton Firewall is causing this problem.

In the event viewer, what other information is there?
Event ID ?

[rsong75]

Event ID is: 7000
Thank you.

Nothing out of the ordinary there. I could well be that Norton Firewall is causing this problem.

In the event viewer, what other information is there?
Event ID ?

[NooNoo]

7000 - such a wonderfully informative number....

TDIHOOK if it is spelt exactly like that, should show up in the registry somewhere, probably more than once.

Start, run, regedit
Edit find, TDIHOOK
if it finds one, right click the key, copy key and paste it into a post here please.

[rsong75]

I searched, got nothing for this key word:TDIHOOK in my registry. Weired!

7000 - such a wonderfully informative number....

TDIHOOK if it is spelt exactly like that, should show up in the registry somewhere, probably more than once.

Start, run, regedit
Edit find, TDIHOOK
if it finds one, right click the key, copy key and paste it into a post here please.

[MobilePCPhysician]

Since you're running Norton Firewall, is Windows XP firewall also running?

FILENAME: Alg.exe.
PROGRAM NAME: Application Layer Gateway.
DESCRIPTION: Part of Windows XP that provides support for ICS and Internet Connection Firewall (ICF).
RECOMMENDED ACTION: If a third-party firewall warns you that ALG.exe wants access, check to make sure you're not double-firewalled. If you are, disable ICF. If you are using neither ICF nor ICS and are warned that ALG.exe is trying to access the Net, deny it. A Trojan horse or worm may be trying to use it as a backdoor.

this may cause Windows to not shutdown. Hope it helps.

[rsong75]

Thank you so much.
After I disabled the winxp firewall, my computer can shut down correctly now and no such error reported any more.
Thank you all you guys for the help.

Since you're running Norton Firewall, is Windows XP firewall also running?

FILENAME: Alg.exe.
PROGRAM NAME: Application Layer Gateway.
DESCRIPTION: Part of Windows XP that provides support for ICS and Internet Connection Firewall (ICF).
RECOMMENDED ACTION: If a third-party firewall warns you that ALG.exe wants access, check to make sure you're not double-firewalled. If you are, disable ICF. If you are using neither ICF nor ICS and are warned that ALG.exe is trying to access the Net, deny it. A Trojan horse or worm may be trying to use it as a backdoor.

this may cause Windows to not shutdown. Hope it helps.

[NooNoo]

*NooNoo files that one for future reference.