Windows 7: New free system imaging program

Please advise me the purpose and effects of an unexpected intruder
EUMONBMP.SYS.
Both Metascan Online | Free online file scanning with multiple antivirus engines and www.virustotal.com/file-scan/ say it is clean.
I first saw this as a 410,624 bytes file at root of C:\ in my real single boot x64 Windows 7 Desktop.

Is it safe to remove or might I regret it ?
I can restore my system from an image backup made before this arrived.

I believe it came as a result of using either a Macrium or a Easeus P.E. Boot CD,
or alternatively there was a leak out of the VMPlayer in which I installed x32 and x64 Windows 7 Virtual Machines and both Macrium and Easeus applications and created the P.E. Boot CD's.
I created the ISO's and burnt the CD's and then used the CD's in each Virtual machine to both create image backups and restore them to virtual "unallocated space".

I drag-dropped image backup files from the virtual machines to partition E:\ on the real desktop machine,
and panicked when I saw my real system was a red bar unbootable with less than 200 Megabytes of Free Space.
I found that the drag-drop from virtual to real E:\ had soaked up all space in one of my %TEMP% folders in real C:\.
Quick delete of %TEMP% and then I booted.
Unexpected leak from virtual to real - Lesson learnt.

Virtual x32 holds Macrium in Program files, and no evidence of EUMONBMP.SYS.

Virtual x64 holds EasUS in what it calls C:\Program Files (x86)
and this x64 has at root of what it calls "Local Disc" C:\EUMONBMP.SYS 268,288 bytes.
This version in this location has a time stamp that is (to a resolution of 1 minute) exactly 1 minute before the start of a *.PMD image backup file of its "Local Disc" C:\.

I suspect that EUMONBMP.SYS is part of the W.A.I.K. download that got incorporated into WinPE,
and the size may be related to either the x32 or x64 environment in which the Boot CD was created.

Please note that :-
The above all happened before I came across this topic ;
Your tool is in no way implicated,
but I assume EUMONBMP.SYS is a likely result of WinPE using W.A.I.K.
and am hoping that your tool will avoid this.
I would like to know in advance what to expect.

Regards
Alan

EU stands for EaseUS. I'm 99.999% sure it's left-over from your ToDo installation.

Many thanks.

I intended to reply that the Easeus forum failed to respond to my first enquiry 6 days ago,
but first I have just re-visited them and I find the notification system failed to notify me.

The replies from Easeus Support include
"This is a rare case. We suggest you uninstall this product. Then reinstall it, and try operations again"
and
"The file "EUMONBMP.SYS" is the driver file of our product. Please don’t delete it, otherwise our product cannot run normally."
Please advise if C:\EUMONBMP.SYS came from EaseUS, and why - EaseUS Software

So it seems it is a vital system file and root of C:\ is not the expected location when all things work well.
Perhaps some confusion was caused by installing and running in a virtual machine instead of my real C:\

Regards
Alan

I apparently did not have enough caffeine in me this a.m. when I responded--for some reason at that time I thought that file was left-over after you'd UNINSTALLED EaseUS ToDo! Clearly, if you intend to install/run EaseUS then it's needed, and you'll want to do a clean removal and reinstall then I think. Dunno about Macrium and EaseUS together--I would think there might be some conflicts given they both appear to have snapshot drivers that might conflict with one another.

The installations were only in Virtual machines.

The unexpected intrusion triggered in me a red alert malware response when I saw it.
I am now satisfied that it was either donated to my hardware Boot partition when the Rescue CD was restoring an Easeus image of a virtual C:\ to unallocated space on my secondary drive,
or possible a leak out of the Virtual machine, perhaps when drag-drop from Virtual image backup file held within secondary E:\VM-machine backup file to secondary e:\Images\Easeus.

Either way it is not installed in my real system.
Until today I was unsure of its purpose and whether its intentions were against my interests.
I am now confident that it is not evil and does no harm,
and that I do not need it and it can now be deleted and forgotten.

I will however remember to retain it if/when I finally install Easeus on my real machine.

Thanks
Alan

It is part of Todo.

It should be a hidden file on the root of your drive.

It is normal.

It is strange if it appears anywhere else.

Easeus staff are Chinese. I think they misunderstood your post to mean the file was actaully on your desktop, and not on C:\ , which is where it should be.

It really should never have existed in my real system partition on my MBR primary drive.
A file by the same name but only half the size is present where it belongs,
as part of the ToDo installation within a virtual machine held in a folder in partition E:\ on my GPT secondary drive.

Either the ToDo WinPE Rescue CD planted this in the MBR boot partition whilst my real desktop PC was restoring a "Virtual Local Drive C:\" to unallocated space on the GPT drive,
or this file somehow leaked out of VMPlayer, possibly when I was drag-dropping a ToDo image file out of its virtual machine container on the GPT drive to a folder used for images in the real world GPT drive that held the virtual machine, and surprisingly my MBR lost 99% of its free space to what travelled though the %TEMP% folder.

Thank you for your response.
Whilst further explaining my situation I realise that if this file is the result of an accidental leak there could be similar accidents all over my system partition.

I think the least pain solution is to restore my real machine back to how it was before there was a breech in VM isolation.

Regards
Alan