Microsoft Security - Privacy Concerns
I found two unknown directories on my PC in my user profile. I have, so far, been unable to identify what put them there, which process owns them, and when I delete them (using Admin escalated privileges) they come back after a few minutes or immediately after reboot.
It was time, anyway, so I wiped the drive using factory low-level overwriting and performed a clean install of Windows 8.1 Pro using a freshly downloaded ISO from Microsoft; one with an ESD distribution, written to a new just out-of-the-bedamned-hardshell-plastic flashdrive..
I just completed the clean install, in this sequence:
Boot to flashdrive and let Windows create partitions then install. Reboot. Check AppData; no folders found.
Activate. Check AppData; no folders found.
Run first Update; install everything except Bing Bar and Desktop. Check AppData; no folders found. Reboot. Check AppData; no folders found.
Add Feature Windows Media Center. Check AppData; no folders found. Reboot. Check AppData; no folders found.
Run Updates a second time. Check AppData; no folders found. Reboot. Check AppData; no folders found.
Remove MS C++ v12 x86 and x64 installed during Update. Check AppData; no folders found. Reboot. Check AppData; no folders found.
Download from MSDN (http://msdn.microsoft.com/en-us/vstudio/default) Redistributables MS C++ x86 and x64, 2005, 2008, 2010, and 2012.4 versions, and install in sequence. Check AppData after each install; no folders found. Reboot after each install and check AppData; no folders found.
Run Updates a third time. Response was No Updates Available. Check AppData; no folders found.
Reboot. Check AppData; all four sub-directories are now present.
These sub-directories and dat-files are not, so far, present in the AppData\Roaming directory.
There is nothing except Microsoft Windows 8.1 Pro WMC and the 10 MS C++ packages installed; and MS Silverlight and AMD (videocard) Catalyst Control Center on the machine. Windows Defender is present but is installed as part of Windows 8 and 8.1; and its' updates are provided via the MS Update process. All - repeat ALL of these items are provided by Microsoft.
My questions are: What are the ERNIE directories for; what program created them, and what does the various container.dat files "contain"? And . . . if not absolutely necessary, How do I get rid of them and keep them from coming back?
First attempt at Solution:
Permissions are Full for System, UserName, and group Administrators. The UserName is the Owner, and Effective Permissions for each of the 3 is Full.
Open Command Prompt (Admin)
C:\>attrib -r -h +s C:\Users\Carl\AppData\Local\EmieSiteList\container.dat
C:\>attrib -r -h +s C:\Users\Carl\AppData\Local\EmieSiteList
C:\>attrib -r -h +s C:\Users\Carl\AppData\Local\EmieUserList
C:\>attrib -r -h +s C:\Users\Carl\AppData\Local\EmieUserList\container.dat
C:\>attrib -r -h +s C:\Users\Carl\AppData\LocalLow\EmieUserList\container.dat
C:\>attrib -r -h +s C:\Users\Carl\AppData\LocalLow\EmieUserList
C:\>attrib -r -h +s C:\Users\Carl\AppData\LocalLow\EmieSiteList
C:\>attrib -r -h +s C:\Users\Carl\AppData\LocalLow\EmieSiteList\container.dat
BOTH Files and Directories are no longer Hidden. The Directories still show that the files within are READ-Only, but checking the actual file shows that it is no longer R-O.
I then deleted each of the 4 directories and closed Windows (File) Explorer.
After less than 3 minutes reading pages on the internet (at Microsoft's Ask Windows Community), I opened Windows Explorer to check and found that the sub-directories had re-created themselves in both the Local and LocalLow directories.
The container.dat files were back in the Local sub-dir and after another few minutes, also back in the LocalLow sub-dir.
Both the sub-directories and the container.dat files are once again Super-Hidden.
Analysis using Windows utilities and SysInternals and NirSoft tools have not identified which object or process or service owns these objects.