Solved

Event ID 3032 Win32: 1381

Posted on 2009-05-18
5
1,725 Views
Last Modified: 2012-05-07
All,

We have a user with the following error "The Logical Disk Manager Service failed while registering for device handle notifications on device \\?\storage#removablemedia#7&274edf85&1&rm#{53f56030d-b6bf-11d-00a0c91efb8b}. Win32 Error 1381."

I've read:

http://www.techsupportforum.com/microsoft-support/windows-xp-support/366193-usb-mass-storage-not-showing-explorer.html

... and verified that the services are set properly ...

http://smallvoid.com/articles/windows-xp/services/

... The one thing I have noted is that most other articles are pointing to it being somekind of malware. I have attached an image directly from the user's computer for review.

Finally, we've had the user uninstall and reinstall his usb controllers (just popping in/out of the Dev Mgr)

Thanks,

Naerwen

Any help is appreciated.
1381error.jpg
0
Comment
Question by:Naerwen
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 30

Accepted Solution

by:
flubbster earned 500 total points
ID: 24413177
I think you have have a nasty rootkit. Try downloading and running Sophos Free Rootkit software. Must register on the site to download.

In the meantime, look for any files in the c:\windows\system32 folder that begin with ovfs.

http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
0
 
LVL 1

Author Comment

by:Naerwen
ID: 24413299
flubbster,
     I am suspect of that (more so malware), as well,  based on what I've been reading online. Since this is an agency system, I have to hit the Sec Unit to run the utility on the box. I will get back to you asap with the results.
Naerwen.
0
 
LVL 1

Author Comment

by:Naerwen
ID: 24425456
Flubbster,
You were correct. A nasty rootkit was reported by the Sophos AV console as well as Mal/Dorf-A. The rig has been sent to the Sec Unit for investigation.
Thanks for the direction.
Naerwen
0
 
LVL 1

Author Closing Comment

by:Naerwen
ID: 31582621
Dead on answer.
0
 
LVL 30

Expert Comment

by:flubbster
ID: 24425501
You are most welcome. Good luck.

take care.
0

Featured Post

Turn Insights Into Action

You’ve already invested in ITSM tools, chat applications, automation utilities, and more. Fortify these solutions with intelligent communications so you can drive business processes forward.

With xMatters, you'll never miss a beat.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How can this article save you time AND money?  In just a few minutes you may discover something you didn't know existed that is easy enough for you to fix yourself!
No single Antivirus application (despite claims by manufacturers) will catch or protect you from all Virus / Malware or Spyware threats. That doesn't stop you from further protecting yourself however - and this article is to show you how.
The viewer will learn how to successfully download and install the SARDU utility on Windows 8, without downloading adware.
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question