
Thread: What is this?

  1. #1
    4 Star Lounger
    Join Date
    Jun 2010
    Location
    Littleton, Colorado
    Posts
    492
    Thanks
    33
    Thanked 6 Times in 6 Posts

    What is this?

    I just did a full scan of my laptop, running XP Pro, SP-3, using Avira (free version). The scan was clean except for one hidden file. The report showed the following:

    "HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone\drivelist
    [NOTE] The registry entry is invisible."

    Using Regedit, I drilled down to HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone, and sure enough, I could not see "drivelist".

    Can someone tell me what this is, and why it's hidden? Is it required, or is it something that should be removed? And finally, how can I make it visible?

    Any help would be appreciated.

  2. #2
    Super Moderator CLiNT's Avatar
    Join Date
    Dec 2009
    Location
    California & Arizona
    Posts
    6,121
    Thanks
    160
    Thanked 609 Times in 557 Posts
    NtmsSvc
    This is a Windows XP OS component DLL that manages the use of removable storage devices.
    It should not be removed. I believe Avira is showing a false positive here.

  3. #3
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,490
    Thanks
    284
    Thanked 576 Times in 479 Posts
    I think Clint's correct in this; it reads like the Registry entry refers to what you see in Device Manager when you show hidden devices and look under Storage volumes.

  4. #4
    4 Star Lounger
    Join Date
    Jun 2010
    Location
    Littleton, Colorado
    Posts
    492
    Thanks
    33
    Thanked 6 Times in 6 Posts
    Thanks, guys.
    That's very interesting.
    I don't believe that it's actually a false positive, however (i.e. I don't think Avira would actually have attempted to treat it as a threat had it not been hidden). Since it was clearly detectable by the program, and could have been flagged for repair or removal, but wasn't, I think it was just a "heads up".
    But why is it hidden? Aren't there many registry entries that are OS components? How were you able to view it?
    Thanks again for your replies.

  5. #5
    2 Star Lounger
    Join Date
    Dec 2009
    Location
    Calif
    Posts
    182
    Thanks
    0
    Thanked 14 Times in 13 Posts

    Avira Support Forums

    Hi: This is something that should be asked and/or "explored" on the Avira Support Forums.
    For the BEST in what counts in Life :

    http://www.ctftoronto.com

  6. #6
    4 Star Lounger
    Join Date
    Jun 2010
    Location
    Littleton, Colorado
    Posts
    492
    Thanks
    33
    Thanked 6 Times in 6 Posts
    Hi, SpiritWind.

    Actually, my original question was answered here.

    My follow-up questions ("But why is it hidden? Aren't there many registry entries that are OS components? How were you able to view it?"), in my opinion, are also best answered here, as they're being asked of the original responders, and apply to the OS, rather than Avira.

    However, after reading your response, I also posted the original question on the Avira forum. It'll be interesting to see what they turn up.

  7. #7
    Super Moderator CLiNT's Avatar
    Join Date
    Dec 2009
    Location
    California & Arizona
    Posts
    6,121
    Thanks
    160
    Thanked 609 Times in 557 Posts
    Avira "hidden File" - The Elder Geek on Windows
    Apr 19, 2010 ... Platform : Windows XP Windows

    #2
    might be the permissions, open the command prompt, paste in
    reg query HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone\drivelist /s
    press enter

    if it says access denied, it must be the permissions

    i have recently found a way of seeing the info without changing the permissions, so if access is denied, type in

    at **:** /interactive cmd.exe
    press enter

    [note, change **:** for the current time plus a couple of minutes, and use the 24 hour system, eg if it's 18:00 currently, type in

    at 18:02 /interactive cmd.exe
    press enter, close the command prompt

    when the command prompt appears at the set time it will be running in the system account, then repeat the reg query command

    as it will be running as system, access won't be denied for the reg query

    btw, if at **:** / cmd.exe was used instead of at **:** /interactive cmd.exe , it would run but would be hidden
    From a simple Google search there appear to be many Windows components that this latest version of Avira seems to be picking up. The above article on the Elder Geek forum may prove helpful in making the reg entry viewable.
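
The permissions check described in the quoted post, as an added example that is not part of the thread or of Avira's tooling: a PowerShell function that tells "access denied" apart from "not listed" for the reported entry. The key path is taken from the thread; the function name and result strings are made up for this example, and since the thread does not say whether `drivelist` is a subkey or a value, both are checked.

```powershell
# Added example. Key path comes from the thread; names below are illustrative.
$SubKey = 'System\ControlSet001\Services\NtmsSvc\Config\Standalone'
$Entry  = 'drivelist'   # subkey or value: not stated in the thread

function Test-RegistryEntry {
    param([string]$SubKey, [string]$Entry)
    try {
        # OpenSubKey returns $null when the key does not exist and throws
        # when the current token has no read access to it.
        $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($SubKey)
        if ($null -eq $key) { return 'ParentKeyNotFound' }
        try {
            if ($key.GetSubKeyNames() -contains $Entry) {
                # Listed under the parent; opening it tests its own ACL.
                $child = $key.OpenSubKey($Entry)
                if ($null -ne $child) { $child.Close() }
                return 'VisibleSubKey'
            }
            if ($key.GetValueNames() -contains $Entry) { return 'VisibleValue' }
            return 'NotListed'
        }
        finally { $key.Close() }
    }
    catch [System.Security.SecurityException]   { return 'AccessDenied' }
    catch [System.UnauthorizedAccessException] { return 'AccessDenied' }
}

$result = Test-RegistryEntry -SubKey $SubKey -Entry $Entry
"Result for ${Entry}: $result"

if ($result -ne 'AccessDenied' -and $result -ne 'ParentKeyNotFound') {
    # Show the owner and access entries on the parent key, so the result
    # can be compared between a normal and an elevated session.
    Get-Acl -Path "HKLM:\$SubKey" | Format-List Owner, AccessToString
}
```

`AccessDenied` matches the permissions case the quoted post describes; `NotListed` matches what the original poster saw in Regedit.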

  8. #8
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,490
    Thanks
    284
    Thanked 576 Times in 479 Posts
    Quote Originally Posted by LesF View Post
    My follow-up questions ("But why is it hidden? Aren't there many registry entries that are OS components? How were you able to view it?"), ...
    My guess is that it's hidden by the OS because the drive's not currently installed, just like in the DevMan attachment I posted.
