What is this?

[LesF]

I just did a full scan of my laptop, running XP Pro, SP-3, using Avira (free version). The scan was clean except for one hidden file. The report showed the following:

"HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ NtmsSvc\Config\Standalone\drivelist
[NOTE] The registry entry is invisible."

Using Regedit, I drilled down to HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N tmsSvc\Config\Standalone, and sure enough, I could not see "drivelist".

Can someone tell me what this is, and why it's hidden? Is it required, or is it something that should be removed? And finally, how can I make it visible?

Any help would be appreciated.

[CLiNT]

NtmsSvc
This is a windows XP os component dll that manages the use of removable storage devices.
It should not be removed. I believe Avira is showing a false posative here.

[satrow]

I think Clint's correct in this, it reads like the Registry entry refers to what you see in Device Manager when you show hidden devices and look under Storage volumes.

[LesF]

Thanks, guys.
That's very interesting.
I don't believe that it's a actually false positive, however (i.e. I don't think Avira would actually have attempted to treat it as a threat had it not been hidden). Since it was clearly detectable by the program, and could have been flagged for repair or removal, but wasn't, I think it was just a "heads up".
But why is it hidden? Aren't there many registry entries that are OS components? How were you able to view it?
Thanks again for your replies.

[SpiritWind]

Hi : This is something that should be asked and/or "explored" on the Avira Support Forums .

[LesF]

Hi, SpiritWind.

Actually, my original question was answered here.

My follow-up questions ("But why is it hidden? Aren't there many registry entries that are OS components? How were you able to view it?"), in my opinion, are also best answered here, as they're being asked of the original responders, and apply to the OS, rather than Avira.

However, after reading your response, I also posted the original question on the Avira forum. It'll be interesting to see what they turn up.

[CLiNT]

Avira "hidden File" - The Elder Geek on Windows
Apr 19, 2010 ... Platform : Windows XP Windows

#2

might be the permissions, open the command prompt, paste in
reg query HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N tmsSvc\Config\Standalone\drivelist /s
press enter

if it says access denied, it must be the permissions

i have recently found a way of seeing the info without changing the permissions, so if access is denied, type in

at **:** /interactive cmd.exe
press enter

[note, change **:** for the current time plus a couple of minutes, and use the 24 hour system, eg if it's 18:00 currently, type in

at 18:02 /interactive cmd.exe
press enter, close the command prompt

when the command prompt appears at the set time it will be running in the system account, then repeat the reg query command

as it will be running as system, access won't be denied for the reg query

btw, if at **:** / cmd.exe was used instead of at **:** /interactive cmd.exe , it would run but would be hidden

From a simple google search there appears to be many windows components that this latest version of Avira seems to be picking up. The above article on the Elder Geek forum may prove helpfull in making the reg entry viewable.

[satrow]

My follow-up questions ("But why is it hidden? Aren't there many registry entries that are OS components? How were you able to view it?"), ...

My guess is that it's hidden by the OS because the drives not currently installed, just like in the DevMan attachment I posted.