Solved

Event ID 3032 Win32: 1381

Posted on 2009-05-18
5
1,723 Views
Last Modified: 2012-05-07
All,

We have a user with the following error "The Logical Disk Manager Service failed while registering for device handle notifications on device \\?\storage#removablemedia#7&274edf85&1&rm#{53f56030d-b6bf-11d-00a0c91efb8b}. Win32 Error 1381."

I've read:

http://www.techsupportforum.com/microsoft-support/windows-xp-support/366193-usb-mass-storage-not-showing-explorer.html

... and verified that the services are set properly ...

http://smallvoid.com/articles/windows-xp/services/

... The one thing I have noted is that most other articles are pointing to it being somekind of malware. I have attached an image directly from the user's computer for review.

Finally, we've had the user uninstall and reinstall his usb controllers (just popping in/out of the Dev Mgr)

Thanks,

Naerwen

Any help is appreciated.
1381error.jpg
0
Comment
Question by:Naerwen
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 30

Accepted Solution

by:
flubbster earned 500 total points
ID: 24413177
I think you have have a nasty rootkit. Try downloading and running Sophos Free Rootkit software. Must register on the site to download.

In the meantime, look for any files in the c:\windows\system32 folder that begin with ovfs.

http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
0
 
LVL 1

Author Comment

by:Naerwen
ID: 24413299
flubbster,
     I am suspect of that (more so malware), as well,  based on what I've been reading online. Since this is an agency system, I have to hit the Sec Unit to run the utility on the box. I will get back to you asap with the results.
Naerwen.
0
 
LVL 1

Author Comment

by:Naerwen
ID: 24425456
Flubbster,
You were correct. A nasty rootkit was reported by the Sophos AV console as well as Mal/Dorf-A. The rig has been sent to the Sec Unit for investigation.
Thanks for the direction.
Naerwen
0
 
LVL 1

Author Closing Comment

by:Naerwen
ID: 31582621
Dead on answer.
0
 
LVL 30

Expert Comment

by:flubbster
ID: 24425501
You are most welcome. Good luck.

take care.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Upper back Pain: My back hurt for months. Upper back, mostly my neck, spine and across my shoulder blades. I was getting headaches too, that felt like they were caused by tension in my shoulders, but now I feel fine! I'm sharing this hoping someoneā€¦
Monitor input from a computer is usually nothing special.  In this instance it prevented anyone from using the computer.  This was a preconfiguration that didn't work.
The viewer will learn how to successfully download and install the SARDU utility on Windows 8, without downloading adware.
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question