Solved

Event ID 3032 Win32: 1381

Posted on 2009-05-18
5
1,717 Views
Last Modified: 2012-05-07
All,

We have a user with the following error "The Logical Disk Manager Service failed while registering for device handle notifications on device \\?\storage#removablemedia#7&274edf85&1&rm#{53f56030d-b6bf-11d-00a0c91efb8b}. Win32 Error 1381."

I've read:

http://www.techsupportforum.com/microsoft-support/windows-xp-support/366193-usb-mass-storage-not-showing-explorer.html

... and verified that the services are set properly ...

http://smallvoid.com/articles/windows-xp/services/

... The one thing I have noted is that most other articles are pointing to it being somekind of malware. I have attached an image directly from the user's computer for review.

Finally, we've had the user uninstall and reinstall his usb controllers (just popping in/out of the Dev Mgr)

Thanks,

Naerwen

Any help is appreciated.
1381error.jpg
0
Comment
Question by:Naerwen
  • 3
  • 2
5 Comments
 
LVL 30

Accepted Solution

by:
flubbster earned 500 total points
ID: 24413177
I think you have have a nasty rootkit. Try downloading and running Sophos Free Rootkit software. Must register on the site to download.

In the meantime, look for any files in the c:\windows\system32 folder that begin with ovfs.

http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
0
 
LVL 1

Author Comment

by:Naerwen
ID: 24413299
flubbster,
     I am suspect of that (more so malware), as well,  based on what I've been reading online. Since this is an agency system, I have to hit the Sec Unit to run the utility on the box. I will get back to you asap with the results.
Naerwen.
0
 
LVL 1

Author Comment

by:Naerwen
ID: 24425456
Flubbster,
You were correct. A nasty rootkit was reported by the Sophos AV console as well as Mal/Dorf-A. The rig has been sent to the Sec Unit for investigation.
Thanks for the direction.
Naerwen
0
 
LVL 1

Author Closing Comment

by:Naerwen
ID: 31582621
Dead on answer.
0
 
LVL 30

Expert Comment

by:flubbster
ID: 24425501
You are most welcome. Good luck.

take care.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

This article may be useful for troubleshooting your PC. Power Supply - no lights or fans running If you have no lights or fans running then either you power is bad, turned off (check switch) or the power supply needs to be replaced. That's a r…
For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
The viewer will learn how to successfully download and install the SARDU utility on Windows 8, without downloading adware.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now