?
Solved

Event ID 3032 Win32: 1381

Posted on 2009-05-18
5
Medium Priority
?
1,727 Views
Last Modified: 2012-05-07
All,

We have a user with the following error "The Logical Disk Manager Service failed while registering for device handle notifications on device \\?\storage#removablemedia#7&274edf85&1&rm#{53f56030d-b6bf-11d-00a0c91efb8b}. Win32 Error 1381."

I've read:

http://www.techsupportforum.com/microsoft-support/windows-xp-support/366193-usb-mass-storage-not-showing-explorer.html

... and verified that the services are set properly ...

http://smallvoid.com/articles/windows-xp/services/

... The one thing I have noted is that most other articles are pointing to it being somekind of malware. I have attached an image directly from the user's computer for review.

Finally, we've had the user uninstall and reinstall his usb controllers (just popping in/out of the Dev Mgr)

Thanks,

Naerwen

Any help is appreciated.
1381error.jpg
0
Comment
Question by:Naerwen
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 30

Accepted Solution

by:
flubbster earned 2000 total points
ID: 24413177
I think you have have a nasty rootkit. Try downloading and running Sophos Free Rootkit software. Must register on the site to download.

In the meantime, look for any files in the c:\windows\system32 folder that begin with ovfs.

http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
0
 
LVL 1

Author Comment

by:Naerwen
ID: 24413299
flubbster,
     I am suspect of that (more so malware), as well,  based on what I've been reading online. Since this is an agency system, I have to hit the Sec Unit to run the utility on the box. I will get back to you asap with the results.
Naerwen.
0
 
LVL 1

Author Comment

by:Naerwen
ID: 24425456
Flubbster,
You were correct. A nasty rootkit was reported by the Sophos AV console as well as Mal/Dorf-A. The rig has been sent to the Sec Unit for investigation.
Thanks for the direction.
Naerwen
0
 
LVL 1

Author Closing Comment

by:Naerwen
ID: 31582621
Dead on answer.
0
 
LVL 30

Expert Comment

by:flubbster
ID: 24425501
You are most welcome. Good luck.

take care.
0

Featured Post

Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

pc, laptop  monitor connection configurations
Employees depend heavily on their PCs, and new threats like ransomware make it even more critical to protect their important data.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
The viewer will learn how to successfully download and install the SARDU utility on Windows 8, without downloading adware.
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question