TempEI4
Hi everyone
I'd like to seek advice about a folder that appears in my C:, called TempEI4. Inside the folder there is a 2.temp file along with three txt files: EI41, EI43 and EI461.
EI41 has the following entries:
[5:19:46 AM] Action is Cleanup.
[5:19:46 AM] Removing copy directory entry from registry.
[5:19:46 AM] Removing SetupDone directory entry from registry.
[5:19:46 AM] Removing main setup registry key.
[5:19:46 AM] Attempting unregistration for "RegSvr32 /u /s C:\TempEI4\EI40_\EIServer.DLL".
[5:19:46 AM] Temp directory is "C:\TempEI4".
[5:19:46 AM] Temp file path is "C:\TempEI4\2.tmp".
[5:19:46 AM] Current file path is "C:\TempEI4\EI40_\EICleanup.exe".
[5:19:46 AM] Copied "C:\TempEI4\EI40_\EICleanup.exe" to "C:\TempEI4\2.tmp".
[5:19:46 AM] Creating tmp Process "C:\TempEI4\2.tmp -sd: 1104 "C:\TempEI4\EI40_"" in "C:\TempEI4".
[5:19:47 AM]
Closing Log File.
EI43 has:
[5:19:46 AM] Action is SELFDELETE.
[5:19:47 AM] Finish job of cleanup.
[5:19:47 AM] Deleting file "CLEANUP.INI"
[5:19:47 AM] Deleting file "EICleanup.EXE"
[5:19:47 AM] Deleting file "EIConfig.INI"
[5:19:47 AM] Deleting file "EIhlp0409.CHM"
[5:19:47 AM] Deleting file "EIProcessCaller.exe"
[5:19:47 AM] Deleting file "EIRES0409.DLL"
[5:19:47 AM] Deleting file "EIServer.DLL"
[5:19:47 AM] Deleting file "EISTPersist.dat"
[5:19:47 AM] Deleting file "Express.exe"
[5:19:47 AM] Deleting file "LICENSE0409.RTF"
[5:19:47 AM] Deleting file "msxml.msi"
[5:19:47 AM] Deleting file "MSXML4.CAB"
[5:19:47 AM] Deleting file "Readme.txt"
[5:19:47 AM] Deleting file "rebootOS.exe"
[5:19:47 AM] Deleting file "unicows.dll"
[5:19:47 AM] Deleting file "XML4REG.EXE"
[5:19:47 AM] Deleting file "XML4REG.HTML"
[5:19:47 AM] Deleting directory "C:\TempEI4\EI40_"
[5:19:47 AM]
Closing Log File.
and lastly, EI461 has:
[4:58:39 AM] Copied file G:\Drivers\unicows.dll to C:\TempEI4\EI40_\unicows.dll.
[4:58:40 AM] Copied file G:\Drivers\Express.ex_ to C:\TempEI4\EI40_\Express.exe.
[4:58:40 AM] Copied file G:\Drivers\EIhlp0409.CHM to C:\TempEI4\EI40_\EIhlp0409.CHM.
[4:58:41 AM] Copied file G:\Drivers\EIRES0409.DLL to C:\TempEI4\EI40_\EIRES0409.DLL.
[4:58:41 AM] Copied file G:\Drivers\LICENSE0409.RTF to C:\TempEI4\EI40_\LICENSE0409.RTF.
[4:58:41 AM] *** File G:\Drivers\EMULATE.INI optional; not found
[4:58:41 AM] Copied file G:\Drivers\LICENSE0409.RTF to C:\TempEI4\EI40_\LICENSE0409.RTF.
[4:58:41 AM] Copied file G:\Drivers\EIServer.DLL to C:\TempEI4\EI40_\EIServer.DLL.
[4:58:41 AM] Copied file G:\Drivers\Readme.txt to C:\TempEI4\EI40_\Readme.txt.
[4:58:42 AM] Copied file G:\Drivers\rebootOS.ex_ to C:\TempEI4\EI40_\rebootOS.exe.
[4:58:42 AM] Copied file G:\Drivers\EIhlp0409.CHM to C:\TempEI4\EI40_\EIhlp0409.CHM.
[4:58:42 AM] Copied file G:\Drivers\EIRES0409.DLL to C:\TempEI4\EI40_\EIRES0409.DLL.
[4:58:42 AM] Copied file G:\Drivers\MSXML4.CAB to C:\TempEI4\EI40_\MSXML4.CAB.
[4:58:42 AM] Copied file G:\Drivers\XML4REG.HTML to C:\TempEI4\EI40_\XML4REG.HTML.
[4:58:45 AM] Copied file G:\Drivers\msxml.msi to C:\TempEI4\EI40_\msxml.msi.
[4:58:45 AM] Copied file G:\Drivers\XML4REG.EX_ to C:\TempEI4\EI40_\XML4REG.EXE.
[4:58:46 AM] Copied file G:\Drivers\EIProcessCaller.ex_ to C:\TempEI4\EI40_\EIProcessCaller.exe.
[4:58:46 AM] Registering file "C:\WINDOWS\system32\RegSvr32 /s C:\TempEI4\EI40_\EIServer.DLL" in dir "C:\TempEI4\EI40_\".
[4:58:52 AM] Setup complete; put SetupDone entry in registry.
[4:58:52 AM] About to CreateProcess "C:\TempEI4\EI40_\Express.exe".
[4:58:55 AM]
Closing Log File.
=====================================================
My question is, am I infected with some kind of malware? Should I delete the folder TempEI4? Or should I move on to the malware deletion section of the forum? I apologize if I have put this in the wrong forum.