# Solved: MAR.TMP temp files



## spud777 (Aug 31, 2011)

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Intel(R) Celeron(R) CPU 2.93GHz, x86 Family 15 Model 3 Stepping 4
Processor Count: 1
RAM: 1015 Mb
Graphics Card: Intel(R) 82845G/GL/GE/PE/GV Graphics Controller, 64 Mb
Hard Drives: C: Total - 107191 MB, Free - 79157 MB; D: Total - 7257 MB, Free - 2419 MB; 
Motherboard: MICRO-STAR INTERNATIONAL CO., LTD, Gamila/Giovani/Neon series, 030, 4910419134
Antivirus: Norton Internet Security, Updated: Yes, On-Demand Scanner: Enabled


----------



## Phantom010 (Mar 9, 2009)

Do you have a question?


----------



## spud777 (Aug 31, 2011)

o.k., first post - even though I've been watching. HELLO, and i have a REAL question. As per the sign-up screen, NO, i'm not on ANY social media sites. And, as for my comp. info. - no, this is my old hp - that i like - in its old age. i used to 'not like bill' (gates), but lately, i (heart of thinking) have been thinking that i DON'T WANT TO BE TRACKED. Does ANYONE agree? e.g.-Does Ghostery REALLY help? BLAH,blah,blah, Oh, by the way, EVERY site SAYS that you have 1000 characters. AGhGhGhGh, but you really never do. (NOTE TO ED.- make this true, they will only use it on the first or second entry and you will have them FOREVER.) ahhhemmm. AndtheREALquestionisasfollows;ANYBODY out there - What the hell is a MAR.temp file? NO one knows. NO one can EVER ANSWER the question. Seriously, NO ONE KNOWS. i have had these in my comp. for 2 or 3 YEARS. I AM NOW OFFICIALLY DECLARING A quest!!! On other sites, and YES, Even on THIS website, FOR YEARS, people have said, 'It bugs me that i have lost control of my system, PLEASE, help me!'. Yet, strangely, NO ONE DOES. EVERYthing can be in play - Windows, HP, Java, Adobe, and U NAME IT. ( something about having a ROOTKIT protecting it. ). I remember from WAY BACK b4 win 3.1 & DOS 5, into the 'bulletin-board' days, and i may not be the greatest at anything, but people used to take THINGS LIKE THIS SERIOUSLY. help me now. andbytheway - THE QUEST IS THE QUEST.


----------



## Phantom010 (Mar 9, 2009)

I haven't the slightest idea what a MAR.TMP file is. However, it does say a Temp file, thus usually useless, like most Temp files... They probably can be deleted.

Where are those files located?


----------



## boragivinay (Aug 12, 2011)

I suggest you submit it for a Jotti and VirusTotal scan. Something might be detected. It looks like malware created them and some kind of rootkit is protecting them. Both of them use multiple AV engines to scan the submitted file; in addition, they also submit suspicious files to the vendors for research.


----------



## spud777 (Aug 31, 2011)

O.K., I ran my cleaning program, Ace Utilities, again (what does anyone think of it - good to use, just o.k., dump it and get something else to complement my Norton I.S. 2011?). And as usual, there are a bunch of mar*.tmp and mar#.tmp (where * is a letter and # is a number) files followed by the usual RedboxLog.txt file at the end of the list to be deleted. I think these two might be related, but, not sure. And, like some other posts that I have read 'out in the techie forums', I DO NOT LIKE that I do not have control over MY OWN system. I want to know what these mar.tmp files are, what their true purpose is, what programs they are associated with, what company owns, uses, installs these on MY computer without my permission, and MOST IMPORTANTLY - HOW DO I REMOVE THEM, preferably without large expense or 'hew-ha'. I see by my basic Google-search that they have already been out there and bothering people FOR YEARS NOW. Doesn't ANYONE already know all about them and how to get rid of them, BLAH,Blah,Blah, I would really appreciate some help here on my Quest, THANX.


----------



## boragivinay (Aug 12, 2011)

What about my previous suggestion?


----------



## spud777 (Aug 31, 2011)

Phantom010 - Where are those files located?
They are in C:\Documents and Settings\HP_Owner\Local Settings\Temp .

boragivinay - suggest submit them for Jotti and VirusTotal scan.
How do I submit them?


----------



## Cookiegal (Aug 27, 2003)

I don't think it's malware related.

You can open the RedboxLog.txt file in Notepad and it should refer to an HP Photosmart or other HP printer/scanner device. It appears to get created when running updates for the HP Solution Center or HP Software Update. If it was created at the exact same time as the Mar*.tmp files then those are likely related to the HP device as well.


----------
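The check described in the reply above (were the Mar*.tmp files written at the same time as RedboxLog.txt?), combined with the SHA-256 hashes that identify each file in a multi-engine scan report, as an added example that is not part of the original thread. It assumes modification time as the timestamp and a two-minute window for "the same time"; the function names and the sample files are constructed for illustration.

```python
"""Triage mar*.tmp files against RedboxLog.txt (added example, constructed data)."""
import fnmatch
import hashlib
import os
import tempfile
from pathlib import Path

WINDOW_SECONDS = 120  # assumption: "same time" means within two minutes

# Constructed sample: file name -> (content, offset in seconds from the log file).
SAMPLE = {
    "RedboxLog.txt": (b"constructed log text\n", 0),
    "marA.tmp": (b"constructed A", 5),
    "mar3.tmp": (b"constructed 3", -30),
    "mar9.tmp": (b"constructed 9", 86400),   # written a day later
    "other.tmp": (b"unrelated temp file", 0),
}
BASE_TIME = 1314900000.0  # arbitrary constructed timestamp


def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large temp files do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def find_anchor(temp_dir, anchor_name):
    """Locate the reference log file, ignoring case as Windows does."""
    for p in Path(temp_dir).iterdir():
        if p.is_file() and p.name.lower() == anchor_name.lower():
            return p
    return None


def triage_temp_dir(temp_dir, pattern="mar*.tmp",
                    anchor_name="RedboxLog.txt", window=WINDOW_SECONDS):
    """Return one record per matching file: size, hash, distance from the log."""
    anchor = find_anchor(temp_dir, anchor_name)
    anchor_mtime = anchor.stat().st_mtime if anchor else None
    rows = []
    for p in sorted(Path(temp_dir).iterdir(), key=lambda q: q.name):
        if not p.is_file():
            continue
        if not fnmatch.fnmatchcase(p.name.lower(), pattern.lower()):
            continue
        st = p.stat()
        # With no log file present there is nothing to correlate against.
        delta = None if anchor_mtime is None else st.st_mtime - anchor_mtime
        rows.append({
            "name": p.name,
            "size": st.st_size,
            "sha256": sha256_of(p),
            "delta_s": delta,
            "near_anchor": delta is not None and abs(delta) <= window,
        })
    return rows


def build_constructed_sample(root):
    """Write the constructed sample files with controlled timestamps."""
    for name, (data, offset) in SAMPLE.items():
        path = Path(root) / name
        path.write_bytes(data)
        os.utime(path, (BASE_TIME + offset, BASE_TIME + offset))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo_dir:
        build_constructed_sample(demo_dir)
        for row in triage_temp_dir(demo_dir):
            verdict = "same time as log" if row["near_anchor"] else "unrelated in time"
            print(f'{row["name"]:10} {row["size"]:6} {row["sha256"][:16]}... '
                  f'{row["delta_s"]:+.0f}s  {verdict}')
```

Files that fall outside the window, or that exist with no RedboxLog.txt beside them, are the ones left unexplained by the HP-update theory and worth scanning first.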



## Cookiegal (Aug 27, 2003)

Please download DDS by sUBs to your desktop from one of the following locations:

http://www.techsupportforum.com/sectools/sUBs/dds
http://download.bleepingcomputer.com/sUBs/dds.scr
http://www.forospyware.com/sUBs/dds

Double-click the DDS.scr to run the tool.

When DDS has finished scanning, it will open two logs named as follows:

DDS.txt
Attach.txt

Save them both to your desktop. Copy and paste the contents of the DDS.txt and Attach.txt files in your reply please.


----------



## spud777 (Aug 31, 2011)

Oh, boy -
I hope I got this right. I did the download of DDS, ran it o.k., saved both txt. files to my desktop, BUT, the top of the 'attach' report says to ZIP it and then ATTACH it. What does that mean and how do I do it? OR can I just copy and paste them like you said? Anyway, here is the copy and paste of the regular DDS report.

DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_27
Run by HP_Owner at 13:13:45 on 2011-09-01
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.416 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled* 
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\Digital Imaging\HP Print Screen\PrnSys.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.6.0.29\ips\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [PrnSys Executable] c:\program files\hp\digital imaging\hp print screen\PrnSys.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg311v3\wlancfg5.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1298773337218
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 192.168.7.254
TCP: Interfaces\{8E870D8F-C50E-47CD-96CE-707B73B3F40A} : DhcpNameServer = 192.168.7.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hp_owner\application data\mozilla\firefox\profiles\ra3xjjsu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1206000.01d\symds.sys [2011-8-27 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1206000.01d\symefa.sys [2011-8-27 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20110812.001\BHDrvx86.sys [2011-8-12 815736]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1206000.01d\ironx86.sys [2011-8-27 136312]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-3-10 54760]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2011-4-1 238952]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.6.0.29\ccsvchst.exe [2011-8-27 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-8-27 105592]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-4-1 36608]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20110831.030\IDSXpx86.sys [2011-9-1 356280]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20110901.002\NAVENG.SYS [2011-9-1 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20110901.002\NAVEX15.SYS [2011-9-1 1576312]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2011-4-11 30576]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [2011-4-1 98560]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [2011-4-1 14848]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [2011-4-1 123648]
.
=============== Created Last 30 ================
.
2011-09-01 15:31:43 785368 ----a-w- c:\program files\mozilla firefox\sqlite3.dll
2011-08-30 23:58:46 44024 ----a-r- c:\windows\system32\drivers\SymIM.sys
2011-08-30 23:58:32 -------- d-----w- c:\program files\Cisco Systems
2011-08-30 21:40:06 -------- d-----w- c:\documents and settings\all users\application data\Cisco Systems
2011-08-30 17:24:41 -------- d-----w- c:\documents and settings\hp_owner\application data\Nokia Ovi Suite
2011-08-30 17:23:44 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2011-08-30 17:23:44 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2011-08-30 17:23:10 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-08-27 18:53:22 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-08-27 18:53:22 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-08-27 18:53:22 -------- d-----w- c:\program files\Symantec
2011-08-27 18:53:16 369784 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symtdi.sys
2011-08-27 18:53:16 331384 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symtdiv.sys
2011-08-27 18:53:15 744568 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symefa.sys
2011-08-27 18:53:15 516216 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\srtsp.sys
2011-08-27 18:53:15 50168 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\srtspx.sys
2011-08-27 18:53:15 340088 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symds.sys
2011-08-27 18:53:15 296568 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symnets.sys
2011-08-27 18:53:15 136312 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\ironx86.sys
2011-08-27 18:52:43 -------- d-----w- c:\windows\system32\drivers\nis\1206000.01D
2011-08-27 18:52:11 -------- d-----w- c:\windows\system32\drivers\NIS
2011-08-27 18:52:08 -------- d-----w- c:\program files\Norton Internet Security
2011-08-27 18:39:43 -------- d-----w- c:\program files\NortonInstaller
2011-08-27 16:12:13 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-27 15:18:55 -------- d-----w- c:\documents and settings\hp_owner\local settings\application data\NokiaAccount
2011-08-27 14:56:26 -------- d-----w- c:\documents and settings\hp_owner\local settings\application data\Nokia
2011-08-27 14:53:55 -------- d-----w- c:\program files\common files\Nokia
2011-08-27 14:53:20 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2011-08-27 14:53:09 -------- d-----w- c:\program files\PC Connectivity Solution
2011-08-27 14:52:55 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2011-08-27 14:52:54 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2011-08-27 14:52:52 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2011-08-27 14:52:45 605696 ----a-w- c:\windows\system32\nmwcdcocls.dll
2011-08-27 14:52:45 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2011-08-27 14:52:45 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2011-08-27 14:52:45 123904 ----a-w- c:\windows\system32\ccdcmbwu.dll
2011-08-27 14:52:43 75264 ----a-w- c:\windows\system32\nmwcdcls.dll
2011-08-27 14:51:21 -------- d-----w- c:\program files\Nokia
2011-08-27 14:51:21 -------- d-----w- c:\documents and settings\all users\application data\NokiaInstallerCache
2011-08-10 03:33:49 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 03:31:15 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
.
==================== Find3M ====================
.
2011-07-19 10:05:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-19 07:40:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
.
============= FINISH: 13:14:47.64 =========

And now, here is the (Supposed) Zipped-File copy and paste version of the Attach report. I'm just say'n, 'Zip it up & Attach it' sounds like something you would do for an e-mail, Not for a simple cut and paste to a post. But I saved it to the 'Compressed(zipped)' folder first and THEN did the 'highlight cut' to paste. Did this reduction from 16 KB down to 5 KB really help it to be viewed better on the forum now, or is it just a space saving measure? Then, how come the DDS report ALSO did not need zipping down from its ALSO 16 KB size? I know there must be a reason. BUT, I DIGRESS. Please, Cookiegal, could you illuminate me as to the facts to be gleaned from these two files? You are being Most Helpful and, Absolutely, I would be EVER GRATEFUL to all you MVPs - maybe even bill.
P.S. - Come on Windows-phone! Yeah!

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 2/26/2011 12:22:00 PM
System Uptime: 9/1/2011 12:58:34 PM (1 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | Gamila/Giovani/Neon series
Processor: Intel(R) Celeron(R) CPU 2.93GHz | Socket 478 | 2933/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 105 GiB total, 77.255 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 2.363 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NETGEAR WG311v3 802.11g Wireless PCI Adapter
Device ID: PCI\VEN_11AB&DEV_1FAA&SUBSYS_6B001385&REV_03\4&1A671D0C&0&48F0
Manufacturer: NETGEAR
Name: NETGEAR WG311v3 802.11g Wireless PCI Adapter
PNP Device ID: PCI\VEN_11AB&DEV_1FAA&SUBSYS_6B001385&REV_03\4&1A671D0C&0&48F0
Service: W8335XP
.
==== System Restore Points ===================
.
RP73: 6/30/2011 6:23:41 PM - System Checkpoint
RP74: 6/30/2011 8:18:19 PM - Configured NETGEAR WG311v3 PCI Adapter
RP75: 6/30/2011 8:39:03 PM - Configured NETGEAR WG311v3 PCI Adapter
RP76: 6/30/2011 10:39:01 PM - Installed NETGEAR WG311v3 PCI Adapter
RP77: 6/30/2011 10:48:17 PM - Unsigned driver install
RP78: 7/7/2011 3:00:11 PM - System Checkpoint
RP79: 7/8/2011 10:30:17 PM - System Checkpoint
RP80: 7/13/2011 6:38:53 PM - Installed Java(TM) 6 Update 26
RP81: 7/13/2011 9:22:21 PM - Software Distribution Service 3.0
RP82: 7/16/2011 4:16:36 PM - System Checkpoint
RP83: 7/18/2011 12:40:58 PM - System Checkpoint
RP84: 7/21/2011 2:39:53 PM - System Checkpoint
RP85: 7/23/2011 11:09:50 AM - System Checkpoint
RP86: 7/24/2011 5:02:53 PM - System Checkpoint
RP87: 7/25/2011 9:07:20 PM - System Checkpoint
RP88: 7/27/2011 12:25:24 PM - System Checkpoint
RP89: 7/30/2011 1:42:56 PM - System Checkpoint
RP90: 8/1/2011 11:32:08 AM - System Checkpoint
RP91: 8/3/2011 10:18:40 AM - System Checkpoint
RP92: 8/6/2011 2:53:29 PM - System Checkpoint
RP93: 8/7/2011 4:54:39 PM - System Checkpoint
RP94: 8/9/2011 10:32:59 PM - Software Distribution Service 3.0
RP95: 8/9/2011 11:03:47 PM - Software Distribution Service 3.0
RP96: 8/12/2011 12:22:26 PM - System Checkpoint
RP97: 8/14/2011 3:02:54 PM - System Checkpoint
RP98: 8/16/2011 12:22:04 PM - System Checkpoint
RP99: 8/20/2011 3:56:36 PM - System Checkpoint
RP100: 8/24/2011 9:23:48 AM - System Checkpoint
RP101: 8/25/2011 11:18:52 AM - Software Distribution Service 3.0
RP102: 8/26/2011 8:41:16 AM - Removed Microsoft LifeCam
RP103: 8/27/2011 8:24:33 PM - Installed Java(TM) 6 Update 27
RP104: 8/30/2011 12:23:10 PM - Installed Windows XP Wdf01009.
RP105: 8/30/2011 5:43:12 PM - Software Distribution Service 3.0
RP106: 9/1/2011 8:51:23 AM - System Checkpoint
.
==== Installed Programs ======================
.
.
32 Bit HP CIO Components Installer
Ace Utilities
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.0)
Agere Systems PCI Soft Modem
Aloha Solitaire
Apple Application Support
Apple Software Update
AstroPop Deluxe
BufferChm
CameraDrivers
CameraReadme
CameraUserGuides
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon MG5200 series MP Drivers
Canon MG5200 series User Registration
Canon MP Navigator EX 4.0
Canon My Printer
Canon Solution Menu EX
Cisco Connect
Copy
CP_CalendarTemplates1
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Panorama1Config
cp_PosterPrintConfig
CreativeProjects
CreativeProjectsTemplates
CueTour
D110
Destinations
DeviceDiscovery
DocProc
DocumentViewer
FullDPAppQFolder
GPBaseService2
Help and Support Additions
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP Photo & Imaging 3.5 - HP Devices
HP Photo Creations
HP Photosmart Cameras 7.0
HP Photosmart Cameras 9.0
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7
HP Photosmart Essential 3.5
HP Photosmart Premier Software 6.5
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPAppStudio
hpg2436
hpg3970
hpg4600
hpg5530
hpg8200
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPPhotoSmartExpress
HPProductAssistant
HpSdpAppCoreApp
HPSSupply
HPSystemDiagnostics
InstantShare
InstantShareDevices
InstantShareDevicesMFC
Intel(R) Extreme Graphics Driver
InterVideo WinDVD Player
Java Auto Updater
Java(TM) 6 Update 27
Jewel Quest
Junk Mail filter update
KBD
Mah Jong Quest
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Corporation
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office File Validation Add-In
Microsoft Office Standard Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox 6.0.1 (x86 en-US)
MSN
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mysteryville
NETGEAR WG311v3 PCI Adapter
Network
Nokia Connectivity Cable Driver
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
Norton Internet Security
NVIDIA GART Driver
Ovi Desktop Sync Engine
OviMPlatform
PanoStandAlone
PC-Doctor for Windows
PC Connectivity Solution
PhotoGallery
Platypus
PrintScreen
PS_AIO_07_D110_SW_Min
PS2
PSSWCORE
Python 2.2 combined Win32 extensions
Python 2.2.1
QFolder
QuickProjects
QuickTime
QuickTransfer
RandMap
Samsung New PC Studio
SAMSUNG USB Driver for Mobile Phones
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Segoe UI
Shop for HP Supplies
SkinsHP1
SkinsHP2
Skype 5.3
SlideShow
Slingo Deluxe
SmartWebPrinting
SolutionCenter
Sonic RecordNow!
Sonic_PrimoSDK
Status
Super Blackjack
Super Gem Drop
Super Tap a Jam
Talismania(TM) Deluxe
Toolbox
TrayApp
Unload
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Updates from HP
USA Today - Infinite Crosswords
VideoToolkit01
WebFldrs XP
WebReg
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
8/31/2011 8:24:38 AM, error: Dhcp [1002] - The IP address lease 192.168.1.130 for the Network Card with network address 00110973DC93 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
8/30/2011 9:21:32 PM, error: Dhcp [1002] - The IP address lease 192.168.7.64 for the Network Card with network address 00110973DC93 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
8/30/2011 8:27:05 PM, error: Print [19] - Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer.
8/30/2011 6:41:36 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
8/30/2011 6:26:36 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
8/30/2011 6:26:31 PM, error: Dhcp [1002] - The IP address lease 192.168.1.147 for the Network Card with network address 00223FDEF497 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
8/30/2011 5:53:21 PM, error: Dhcp [1002] - The IP address lease 192.168.1.125 for the Network Card with network address 00223FDEF497 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
8/30/2011 5:41:31 PM, error: Dhcp [1002] - The IP address lease 192.168.7.64 for the Network Card with network address 00110973DC93 has been denied by the DHCP server 192.168.7.254 (The DHCP Server sent a DHCPNACK message).
8/30/2011 5:37:39 PM, error: Dhcp [1002] - The IP address lease 192.168.1.107 for the Network Card with network address 00223FDEF497 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================


----------



## Cookiegal (Aug 27, 2003)

I don't know why the instructions say to zip it as it's really not necessary. I prefer to have it copied and pasted for easier viewing and analysis.

I don't see any signs of malware.

The file creation doesn't go back far enough to capture any of them. But you do have a lot of HP stuff on there, including HP Update and Solution Center, and one of those HP programs is likely responsible for creating those MAR*.tmp files. Can you check the date and time created and also do the same for the Redboxlog.txt file? Let me know what date and time they were created. While you're looking at the properties, see if there's a version tab please. If there is, take a look and see if the file belongs to HP.

Also, please right-click on the Redboxlog.txt file and select "Open With" and then choose Notepad. Then copy and paste the text back here.


----------



## spud777 (Aug 31, 2011)

In the words of the immortal Squidward; "Well, here ya go."
the RedboxLog.txt file text:

Begin CINIFileHandler:CINIFileHandlerBegin CINIFileHandler:CINIFileHandler
End CINIFileHandler:CINIFileHandler
IRedBoxEvent::RefCount after Instansiated:1
Begin CINIFileHandler:CINIFileHandler
End CINIFileHandler:CINIFileHandler
Begin CDatabaseManager:IsDBWithInSizeLimit
Begin CINIFileHandler:GetDataBaseSizeLimit
End CINIFileHandler:GetDataBaseSizeLimit
END CDatabaseManager:IsDBWithInSizeLimit withreturn value1
Begin Data Access Layer:Add event
Begin CINIFileHandler:CINIFileHandler
End CINIFileHandler:CINIFileHandler
IRedBoxESInternal::RefCount after Instansiated:1
Begin RedBox Event Store Internal:Add event
Begin RedBox Event Store Internal:Get Contents To Store event
End RedBox Event Store Internal:Get Contents To Store event
successfully RedBox Event Store Internal:Add event
End Data Access Layer:Add event
IRedBoxESInternal::RefCount after Relased:0
Begin Redbox event:Convert to date
End Redbox event:Conver to date
begin CNotificationMgr: notify
IEventInternal::RefCount after Instansiated:1
CEventInternal::get_Source
IEventInternal::get_Source returning: {75D1B153-06BE-409C-B17C-3F5C4661F141}
IEventInternal::get_Description returning: *HP Photosmart D110 series Disconnected!*
End CNotificationMgr: notify :Notification sent successfully to suscribers(GP)
End Redbox event:Send event
IRedBoxEvent::RefCount after Relased:0
Begin CINIFileHandler:CINIFileHandler
End CINIFileHandler:CINIFileHandler
IRedBoxEvent::RefCount after Instansiated:1
Begin CINIFileHandler:CINIFileHandler
End CINIFileHandler:CINIFileHandler
Begin CDatabaseManager:IsDBWithInSizeLimit
Begin CINIFileHandler:GetDataBaseSizeLimit
End CINIFileHandler:GetDataBaseSizeLimit
END CDatabaseManager:IsDBWithInSizeLimit withreturn value1
Begin Data Access Layer:Add event
Begin CINIFileHandler:CINIFileHandler
End CINIFileHandler:CINIFileHandler
IRedBoxESInternal::RefCount after Instansiated:1
Begin RedBox Event Store Internal:Add event
Begin RedBox Event Store Internal:Get Contents To Store event
End RedBox Event Store Internal:Get Contents To Store event
successfully RedBox Event Store Internal:Add event
End Data Access Layer:Add event
IRedBoxESInternal::RefCount after Relased:0
Begin Redbox event:Convert to date
End Redbox event:Conver to date
begin CNotificationMgr: notify
IEventInternal::RefCount after Instansiated:1
CEventInternal::get_Source
IEventInternal::get_Source returning: {75D1B153-06BE-409C-B17C-3F5C4661F141}
IEventInternal::get_Description returning: *HP Photosmart D110 series Disconnected!*
End CNotificationMgr: notify :Notification sent successfully to suscribers(GP)
End Redbox event:Send event
IRedBoxEvent::RefCount after Relased:0
Begin CINIFileHandler:CINIFileHandler
End CINIFileHandler:CINIFileHandler
IRedBoxEvent::RefCount after Instansiated:1
Begin CINIFileHandler:CINIFileHandler
End CINIFileHandler:CINIFileHandler
Begin CDatabaseManager:IsDBWithInSizeLimit
Begin CINIFileHandler:GetDataBaseSizeLimit
End CINIFileHandler:GetDataBaseSizeLimit
END CDatabaseManager:IsDBWithInSizeLimit withreturn value1
Begin Data Access Layer:Add event
Begin CINIFileHandler:CINIFileHandler
End CINIFileHandler:CINIFileHandler
IRedBoxESInternal::RefCount after Instansiated:1
Begin RedBox Event Store Internal:Add event
Begin RedBox Event Store Internal:Get Contents To Store event
End RedBox Event Store Internal:Get Contents To Store event
successfully RedBox Event Store Internal:Add event
End Data Access Layer:Add event
IRedBoxESInternal::RefCount after Relased:0
Begin Redbox event:Convert to date
End Redbox event:Conver to date
begin CNotificationMgr: notify
IEventInternal::RefCount after Instansiated:1
CEventInternal::get_Source
IEventInternal::get_Source returning: {75D1B153-06BE-409C-B17C-3F5C4661F141}
IEventInternal::get_Description returning: *HP Photosmart D110 series Disconnected!*
End CNotificationMgr: notify :Notification sent successfully to suscribers(GP)
End Redbox event:Send event
IRedBoxEvent::RefCount after Relased:0
Begin CINIFileHandler:CINIFileHandler
End CINIFileHandler:CINIFileHandler
IRedBoxEvent::RefCount after Instansiated:1
Begin CINIFileHandler:CINIFileHandler
End CINIFileHandler:CINIFileHandler
Begin CDatabaseManager:IsDBWithInSizeLimit
Begin CINIFileHandler:GetDataBaseSizeLimit
End CINIFileHandler:GetDataBaseSizeLimit
END CDatabaseManager:IsDBWithInSizeLimit withreturn value1
Begin Data Access Layer:Add event
Begin CINIFileHandler:CINIFileHandler
End CINIFileHandler:CINIFileHandler
IRedBoxESInternal::RefCount after Instansiated:1
Begin RedBox Event Store Internal:Add event
Begin RedBox Event Store Internal:Get Contents To Store event
End RedBox Event Store Internal:Get Contents To Store event
successfully RedBox Event Store Internal:Add event
End Data Access Layer:Add event
IRedBoxESInternal::RefCount after Relased:0
Begin Redbox event:Convert to date
End Redbox event:Conver to date
begin CNotificationMgr: notify
IEventInternal::RefCount after Instansiated:1
CEventInternal::get_Source
IEventInternal::get_Source returning: {75D1B153-06BE-409C-B17C-3F5C4661F141}
IEventInternal::get_Description returning: *HP Photosmart D110 series Disconnected!*
End CNotificationMgr: notify :Notification sent successfully to suscribers(GP)
End Redbox event:Send event
IRedBoxEvent::RefCount after Relased:0
Begin CINIFileHandler:CINIFileHandler
End CINIFileHandler:CINIFileHandler
IRedBoxEvent::RefCount after Instansiated:1
Begin CINIFileHandler:CINIFileHandler
End CINIFileHandler:CINIFileHandler
Begin CDatabaseManager:IsDBWithInSizeLimit
Begin CINIFileHandler:GetDataBaseSizeLimit
End CINIFileHandler:GetDataBaseSizeLimit
END CDatabaseManager:IsDBWithInSizeLimit withreturn value1
Begin Data Access Layer:Add event
Begin CINIFileHandler:CINIFileHandler
End CINIFileHandler:CINIFileHandler
IRedBoxESInternal::RefCount after Instansiated:1
Begin RedBox Event Store Internal:Add event
Begin RedBox Event Store Internal:Get Contents To Store event
End RedBox Event Store Internal:Get Contents To Store event
successfully RedBox Event Store Internal:Add event
End Data Access Layer:Add event
IRedBoxESInternal::RefCount after Relased:0
Begin Redbox event:Convert to date
End Redbox event:Conver to date
begin CNotificationMgr: notify
IEventInternal::RefCount after Instansiated:1
CEventInternal::get_Source
IEventInternal::get_Source returning: {75D1B153-06BE-409C-B17C-3F5C4661F141}
IEventInternal::get_Description returning: *HP Photosmart D110 series Disconnected!*
End CNotificationMgr: notify :Notification sent successfully to suscribers(GP)
End Redbox event:Send event
IRedBoxEvent::RefCount after Relased:0
Begin CINIFileHandler:CINIFileHandler
End CINIFileHandler:CINIFileHandler
IRedBoxEvent::RefCount after Instansiated:1
Begin CINIFileHandler:CINIFileHandler
End CINIFileHandler:CINIFileHandler
Begin CDatabaseManager:IsDBWithInSizeLimit
Begin CINIFileHandler:GetDataBaseSizeLimit
End CINIFileHandler:GetDataBaseSizeLimit
END CDatabaseManager:IsDBWithInSizeLimit withreturn value1
Begin Data Access Layer:Add event
Begin CINIFileHandler:CINIFileHandler
End CINIFileHandler:CINIFileHandler
IRedBoxESInternal::RefCount after Instansiated:1
Begin RedBox Event Store Internal:Add event
Begin RedBox Event Store Internal:Get Contents To Store event
End RedBox Event Store Internal:Get Contents To Store event
successfully RedBox Event Store Internal:Add event
End Data Access Layer:Add event
IRedBoxESInternal::RefCount after Relased:0
Begin Redbox event:Convert to date
End Redbox event:Conver to date
begin CNotificationMgr: notify
IEventInternal::RefCount after Instansiated:1
CEventInternal::get_Source
IEventInternal::get_Source returning: {75D1B153-06BE-409C-B17C-3F5C4661F141}
IEventInternal::get_Description returning: *HP Photosmart D110 series Disconnected!*
End CNotificationMgr: notify :Notification sent successfully to suscribers(GP)
End Redbox event:Send event
IRedBoxEvent::RefCount after Relased:0

I checked the creation times of all the current mar.tmp files against the time of the RedboxLog.txt file and it seems as if the mar.tmp files are created in pairs, both always at the same time, and the latest two DO MATCH with the time of the RedboxLog.txt time. There are NO VERSION TABS on any of it. 
I ABSOLUTELY DO NOT LIKE this constant reference to 'Notification sent successfully to suscribers(GP)' This is EXACTLY BLAH,Blah,Blah, ***** & Moan, Rail Against The System, I Knew It The WHOLE Time, Etc, Etc. What do you think, the Only way to get it all out is to start uninstalling with the most likely culprits first?


----------
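The check described in the two posts above (compare the creation times of the MAR*.tmp files with each other and with RedboxLog.txt) can be scripted. This is an added example, not part of the original thread; the 2-second tolerance, the function names and the sample timestamps are assumptions made for illustration.

```python
import fnmatch
import os
from datetime import datetime, timedelta

TOLERANCE = timedelta(seconds=2)  # assumption: "same time" means within 2 s


def scan(directory, pattern="MAR*.tmp"):
    """Return [(name, timestamp)] for files in `directory` matching `pattern`.

    On Windows st_ctime is the creation time; elsewhere it is the inode
    change time, so the modification time is used instead.
    """
    records = []
    for entry in os.scandir(directory):
        if entry.is_file() and fnmatch.fnmatchcase(entry.name.upper(), pattern.upper()):
            st = entry.stat()
            ts = st.st_ctime if os.name == "nt" else st.st_mtime
            records.append((entry.name, datetime.fromtimestamp(ts)))
    return records


def group_by_time(records, tolerance=TOLERANCE):
    """Cluster files whose timestamp is within `tolerance` of the previous file."""
    groups = []
    for name, ts in sorted(records, key=lambda r: r[1]):
        if groups and ts - groups[-1][-1][1] <= tolerance:
            groups[-1].append((name, ts))
        else:
            groups.append([(name, ts)])
    return groups


def correlate(groups, reference_time, tolerance=TOLERANCE):
    """Return the groups that contain a file stamped at the reference file's time."""
    return [g for g in groups
            if any(abs(ts - reference_time) <= tolerance for _, ts in g)]


# Constructed sample data (file names and times are made up, not from the thread).
SAMPLE = [
    ("MAR1A.tmp", datetime(2011, 8, 29, 19, 2, 11)),
    ("MAR1B.tmp", datetime(2011, 8, 29, 19, 2, 11)),
    ("MAR2C.tmp", datetime(2011, 9, 1, 10, 15, 2)),
    ("MAR2D.tmp", datetime(2011, 9, 1, 10, 15, 3)),
]
SAMPLE_LOG_TIME = datetime(2011, 9, 1, 10, 15, 3)  # constructed RedboxLog.txt time

if __name__ == "__main__":
    groups = group_by_time(SAMPLE)
    for g in groups:
        print(len(g), "file(s) at", g[0][1], [n for n, _ in g])
    for g in correlate(groups, SAMPLE_LOG_TIME):
        print("matches log time:", [n for n, _ in g])
```

On a live machine, pass the Temp folder to `scan()` and use the timestamp of the log file as the reference time. A group that lines up with the log points at the program writing that log as the likely creator of the temp files.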



## lunarlander (Sep 22, 2007)

> Notification sent successfully to suscribers(GP


The 'subscribers' can be just software components that listen for events. It may not be someone listening through the internet. Many programs are now written in an event-driven manner. For example, one could write several code modules that 'subscribe' to the GUI. And when the user clicks on the close X button, those code modules that subscribed will receive a windows-close event message, and one module would handle closing the connection to a database, another module would handle closing various log files and another module will handle closing the application.


----------



## Cheeseball81 (Mar 3, 2004)

Just wondering....aren't those from language translation programs?


----------



## Cookiegal (Aug 27, 2003)

Cheeseball81 said:


> Just wondering....aren't those from language translation programs?


I don't know. Did you find something that suggests that?


----------



## Cheeseball81 (Mar 3, 2004)

I've come across a few forums regarding MAR(#).TMP files. One said language translation files. Another thought it was something being protected by a rootkit.

There were similar files titled DIO(#).TMP

They were being regenerated on reboot.


----------



## Cookiegal (Aug 27, 2003)

I saw that too but it didn't look very convincing.


----------



## Cookiegal (Aug 27, 2003)

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*
Double-click *SystemLook.exe* to run it.
Copy the content of the following code box into the main text field:

```
dir::
C:\Documents and Settings\HP_Owner\Local Settings\Temp
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## Cheeseball81 (Mar 3, 2004)

Might not hurt to upload some to Derek.


----------



## Cookiegal (Aug 27, 2003)

Cheeseball81 said:


> Might not hurt to upload some to Derek.


Good idea.


----------

