Solved

Event ID 3032 Win32: 1381

Posted on 2009-05-18
5
1,718 Views
Last Modified: 2012-05-07
All,

We have a user with the following error "The Logical Disk Manager Service failed while registering for device handle notifications on device \\?\storage#removablemedia#7&274edf85&1&rm#{53f56030d-b6bf-11d-00a0c91efb8b}. Win32 Error 1381."

I've read:

http://www.techsupportforum.com/microsoft-support/windows-xp-support/366193-usb-mass-storage-not-showing-explorer.html

... and verified that the services are set properly ...

http://smallvoid.com/articles/windows-xp/services/

... The one thing I have noted is that most other articles are pointing to it being somekind of malware. I have attached an image directly from the user's computer for review.

Finally, we've had the user uninstall and reinstall his usb controllers (just popping in/out of the Dev Mgr)

Thanks,

Naerwen

Any help is appreciated.
1381error.jpg
0
Comment
Question by:Naerwen
  • 3
  • 2
5 Comments
 
LVL 30

Accepted Solution

by:
flubbster earned 500 total points
ID: 24413177
I think you have have a nasty rootkit. Try downloading and running Sophos Free Rootkit software. Must register on the site to download.

In the meantime, look for any files in the c:\windows\system32 folder that begin with ovfs.

http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
0
 
LVL 1

Author Comment

by:Naerwen
ID: 24413299
flubbster,
     I am suspect of that (more so malware), as well,  based on what I've been reading online. Since this is an agency system, I have to hit the Sec Unit to run the utility on the box. I will get back to you asap with the results.
Naerwen.
0
 
LVL 1

Author Comment

by:Naerwen
ID: 24425456
Flubbster,
You were correct. A nasty rootkit was reported by the Sophos AV console as well as Mal/Dorf-A. The rig has been sent to the Sec Unit for investigation.
Thanks for the direction.
Naerwen
0
 
LVL 1

Author Closing Comment

by:Naerwen
ID: 31582621
Dead on answer.
0
 
LVL 30

Expert Comment

by:flubbster
ID: 24425501
You are most welcome. Good luck.

take care.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I don't know if many of you have made the great mistake of using the Cisco Thin Client model with the management software VXC. If you have then you are probably more then familiar with the incredibly clunky interface, the numerous work arounds, and …
Monitor input from a computer is usually nothing special.  In this instance it prevented anyone from using the computer.  This was a preconfiguration that didn't work.
The viewer will learn how to successfully download and install the SARDU utility on Windows 8, without downloading adware.
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now