In my C:\WINDOWS directory I see twunk_16.exe and twunk_32.exe.
On this site, _32 is classified as a bad worm.
Symantec associates it with a w32.coflop@mm and w32.blackmal.c@mm worm.
Somewhere else (perhaps BC here), I see it's related to Backdoor.win32.small.dc pest of some sort.

Yet on "Answers that work" site there is a lenghty description how both are needed for scanning and to leave them alone.

My files seem to belong to Twain Working Group, both are dated 3/31/2003.

None of the virus, trojan, worm scanners I ran recently, and often in the past few weeks, pick them up as scumware.

So how can we tell?

If you think you are infected submit a hijackthis log to the HJT Forum.

How to submit a hijackthis log

Download Hijackthis

Thanks. At this point I don't think I have any scumware here and I don't want to waste HJT's team time. Only recently I submitted a log and Grinler didn't see any red flags in it.
This is more a matter of curiosity - how to know what's legit and what's not

twunk_16.exe
Company: Twain Working Group
Description: Twain_32.dll Client's 16-Bit Thunking Server

twunk_32.exe
Company: Twain Working Group
Description: Twain.dll Client's 32-Bit Thunking Server

Found using the The File Database located at the top of this page.

Yup. But if I look here
http://www.bleepingcomputer.com/startups/
I get a big red X and

Just trying to sort it out in my head how to use these tools.
And stay relatively sane and not too paranoid

If you're not sure about twunk_32.exe, check out this info, and see if it describes your situation.
If not, then I wouldn't worry about it.
W32.Blackmal.C@mm