twump_32--Making Sure it's TOTALLY gone

Discussion in 'Malware Help (A Specialist Will Reply)' started by Photorestorer87, Nov 30, 2013.

  1. Photorestorer87

    Photorestorer87 Private E-2

    Hey all,

    I'm running Windows 7-64 bit on an Acer netbook.

    I recently had an issue with the malware program twump_32.exe. I ended up completely wiping my hard drive (PRNG-3 passes), doing a clean install of Windows 7, and running several scans by different programs before cloning my hard drive and upgrading to a solid state drive. It has been a week since I swapped the hard drive, and I have been running periodic scans by Malwarebytes and ESET NOD32. Today, I decided to go in and check my registry, processes, program folders, and Windows folder to make sure everything was gone. Sitting in the Windows folder was twump_32 again! Malwarebytes, ESET, CCleaner, and explorer and regedit searches all failed to detect it.

    I deleted the virus files and my TWAIN files with IObitUnlocker, ran Malwarebytes and their rootkit program, and then followed all the steps on this page for malware removal, but I'm still concerned that the virus might still be on my computer, especially since Google won't return any results when I search for twump_32 on my computer OR my iPhone. I've attached the folder from my MGtools scan. I'm wondering the following:

    1. Could the files still be hiding on my computer?
    2. Could the virus have infected my router and spread to other devices?
    3. Is there a way to check my prefetch folder for possible infection?

    Any help is greatly appreciated.

    Thanks!
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    For us to properly determine whether your PC has any malware you need to attach ALL of the files requested in the READ & RUN ME FIRST. MGtools alone is not enough. It is not a malware scanner. It is an information collector.

    However if you totally wiped your PC then the likelihood that you are infected is very low. The file may be part of something you installed after you reinstalled Windows. Or if it is an infection as you are saying, then you most likely put it back on the PC by reinstalling files/programs from backups.

    Are you sure about the spelling of the file? Do you still have a copy that you could put into a ZIP file for attachment?
     
  3. Photorestorer87

    Photorestorer87 Private E-2

    Chaslang,

    Thanks for welcoming me to the forum, and for your quick reply. I did misspell the virus name. It is "twunk_32.exe." From what I have found through searching the internet, it is a known malware program. Since I used IObitUnlocker to delete the file, I do not have access to it anymore, and can't send it to you. In the unlikely event that it did slip under the radar after I had done a clean install and cloned the drive, I may have a copy in a system backup on an external hard drive that I created with Paragon Backup & Recovery. I don't know how to check it for the virus though....

    Apologies for not reading the directions carefully enough. I have attached the scan logs from the various programs. There are some logs from previous scans, which I have included. There is also a quarantine file from RogueKiller. To make things easier, I have organized the files by program and uploaded them in a zip folder.

    Interestingly, my user account folder seems to have been copied to my desktop during the whole scanning process. In the original user account folder, there is a hidden folder entitled "my documents," right next to the typical folder. When I attempt to open the hidden version, I get the "access denied," message. I'm not sure if this is typical, or the sign of a problem.

    Thanks, again, for all of your help!
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    There were versions of this filename that were associated with infections, but those all ran from a very specific location and caused certain behaviors to occur (like mass emailing).
    I think what you saw and incorrectly deleted was the legit Windows file twunk_32.exe that will be found in the C:\Windows folder. You will also see a twunk_16.exe file and also related twain.dll, twain_32.dll files. This file is for the Twain Thunker server. Example >> http://www.corrupteddatarecovery.com/File-Data/twunk_32.exe-Twain-Thunker-Twain-Working-Group-1,7,0,0.asp

    This is why nothing detected it as a problem. It was legit.
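
The check that reply implies, as an added PowerShell example that is not part of the thread: list every copy of the file with its location, version-resource publisher, signature status and hash, then look for a Prefetch entry (the third question in the first post). It assumes PowerShell 4.0 or later and an elevated prompt; the function names are made up for this example.

```powershell
# Added example, not from the thread. Assumes PowerShell 4.0+ (for -File and
# Get-FileHash); Windows 7 ships with 2.0. Run from an elevated prompt.
function Get-NameTriage {
    param(
        [string]$FileName     = 'twunk_32.exe',
        [string]$SearchRoot   = "$env:SystemDrive\",
        [string]$ExpectedRoot = $env:windir   # the thread places the legit file in C:\Windows
    )
    $expected = $ExpectedRoot.TrimEnd('\')

    Get-ChildItem -Path $SearchRoot -Filter $FileName -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Path          = $_.FullName
                # True only for the copy sitting directly in the Windows folder.
                # Other hits are not automatically bad (Windows keeps its own copies
                # elsewhere under its directory, e.g. the component store); compare
                # their SHA256 with the copy in the Windows folder.
                InWindowsRoot = ($_.DirectoryName -ieq $expected)
                Company       = $_.VersionInfo.CompanyName
                Description   = $_.VersionInfo.FileDescription
                # Older PowerShell checks embedded signatures only, so a catalog-signed
                # Windows file may report NotSigned; do not treat that alone as a verdict.
                Signature     = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
                SHA256        = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                Modified      = $_.LastWriteTime
            }
        }
}

# Prefetch entries are named <EXE NAME>-<hash>.pf; one for this file shows that it
# has run, and its timestamps show roughly when.
function Get-PrefetchTrace {
    param([string]$FileName = 'twunk_32.exe')
    $pattern = Join-Path $env:windir ("Prefetch\{0}-*.pf" -f $FileName.ToUpper())
    Get-ChildItem -Path $pattern -ErrorAction SilentlyContinue |
        Select-Object Name, CreationTime, LastWriteTime
}

Get-NameTriage    | Format-List
Get-PrefetchTrace | Format-Table -AutoSize
```

A copy outside the Windows directory whose hash differs from the one in the Windows folder, or whose version resource is empty, is the one to zip and attach as asked earlier in the thread.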
     
