What are these files: IP_Log_Data.js, $WINRE_BACKUP_PARTITION.MARKER, $GetCurrent
#1
I upgraded to Windows 10 Anniversary Edition yesterday and I have already found a few weird files. Google says nothing special about them.

First off there is this suspicious partition in defrag:
[Image: gfkjK7e.png]

Then, we have this in the C:\ root directory:
[Image: 1EDHiBQ.png]

$GetCurrent folder may be due to the fact that I didn't wait for my turn but I downloaded the upgrader from Microsoft. Link to it is here: https://go.microsoft.com/fwlink/?LinkID=799445, but what is this .Marker file? Nobody knows.


Also there is this file in the C:\Users\(my username here)
[Image: TjAQMGF.png]
Inside the JS file there is that:
[Image: 7gm2akX.png]
Edit: There is something peculiar in this IP address... https://www.ip-tracker.org/locator/ip-lookup.php?ip=192.168.1.102


Does someone know what these files are all about?



Also, what is Windows To Go and since when does it come with Windows 10 Pro?

#2
The first thing I would do is to run a Malwarebytes scan.
Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Install the program and select update.
  • Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.

#3
I would say it is one of these:

  1. Recovery Drive or Recovery Partition
  2. Windows Recovery Environment 
Here is how Windows uses partitions:

More information on UEFI/GPT-based hard drive partitions

#4
Maybe this partition really is this recovery partition. Diskpart shows recovery partition too. It could be named more properly than //?/Device/Partition3/{Insert random numbers here}
Here is the MBAM log:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 04.08.2016
Scan Time: 18:31
Logfile: MBAM_scan.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.08.04.11
Rootkit Database: v2016.05.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Kuba

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 354557
Time Elapsed: 12 min, 54 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

I also ran TDSSKiller and Hitman Pro just in case. TDSSKiller detected nothing, Hitman Pro detected a few tracking cookies, so nothing special.

So yeah, my system is pretty clean.


Though, I still wonder what all of these files are and whether they are needed.

#5
It's probably normal Windows 10 stuff.
Windows 10 is fast but buggy; it will get better over time, I guess.

#6
It's to do with Windows 10 and not malicious. I would leave it well alone.


