The % should appear within the single quote, I would also change your query to use parameters instead of the inline concatenation you use. The way you have it, sql injection is a huge risk.
... SELECT file_name FROM waveform_files WHERE file_name LIKE '%" + cc_list_element + "'"