Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Suspicious Files Concern


  • Please log in to reply
8 replies to this topic

#1 erik8bcr

erik8bcr

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:05 AM

Posted 18 August 2014 - 03:35 PM

Here are the suspicious files I found as below:

C:\Users\[username]

  • NTUSER.DAT
  • NTUSER.DAT.iobit
  • NTUSER.DAT.iodefrag.bak
  • SDActivate.lng

C:\

  • asc_rdflag

Are those files useful? If not, can I delete them?



BC AdBot (Login to Remove)

 


#2 OldPhil

OldPhil

    Doppleganger


  • Members
  • 4,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Long Island New York
  • Local time:07:05 PM

Posted 18 August 2014 - 06:55 PM

The first four are valid system files leave them be!  asc_rdflag should be looked into, it may be just fine but not familiar to me.


Honesty & Integrity Above All!


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,932 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:05 PM

Posted 18 August 2014 - 07:51 PM

Are you using Advanced SystemCare by IObit?

asc_rdflag Post #5

The file you have mentioned is to show that you already have run registry defrag...


This program is an optimization suite and registry cleaner by IObit that purports to improve performance, make repairs and tune up a computer.

Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons.
Why you should not use Registry Cleaners and Optimization Tools
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 erik8bcr

erik8bcr
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:05 AM

Posted 18 August 2014 - 08:42 PM

Are you using Advanced SystemCare by IObit?

asc_rdflag Post #5

The file you have mentioned is to show that you already have run registry defrag...


This program is an optimization suite and registry cleaner by IObit that purports to improve performance, make repairs and tune up a computer.

Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons.
Why you should not use Registry Cleaners and Optimization Tools

 

Yes. Can I delete asc_rdflag? Is it deselect 'Registry Fix' and 'Registry Defrag' from Advanced SystemCare If I want to perform PC maintenance next time?



#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,932 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:05 PM

Posted 18 August 2014 - 08:55 PM

You will have to ask at IObit...I do not use these types of programs for the reasons I indicated in the Why you should not use Registry Cleaners and Optimization Tools topic.


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,734 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:05 AM

Posted 19 August 2014 - 02:07 PM

NTUSER.DAT is the user's registry hive, so it contains all the user's registry settings. Never delete that file, unless you delete the complete user profile.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#7 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Members
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:07:05 PM

Posted 19 August 2014 - 02:31 PM

I will point out that NTUSER.DAT is a hidden Windows file.

 

The only way to see it is to go to open up Windows Explorer/Folder Options/View do the following 2 things

 

tick the circle next to Show hidden files, folders and drives

 

UNTICK Hide protected operating system files.

 

I've noticed that when people do set everything to show they all of sudden see files that look "suspicious" which are in reality files needed by Windows and other programs so they work the way they are supposed to work.  



#8 kokomodrums

kokomodrums

  • Members
  • 202 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Indiana
  • Local time:07:05 PM

Posted 19 August 2014 - 02:57 PM

The NTUSER.DAT file is a system file, but the other two:

  • NTUSER.DAT.iobit
  • NTUSER.DAT.iodefrag.bak

are probably just backups created by an IObit program (hence the "io" in the extension).


-- Matt


#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,932 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:05 PM

Posted 19 August 2014 - 03:38 PM

The program has been identified as Advanced SystemCare by IObit.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users