PerfectKeylogger detected

I tried a small program (DW.EXE) from a friend that was supposed to be safe, but the next reboot after running the program (which seemed to do what it was supposed to) my Teatimer (Spybot S&D resident) was triggered. It said it found PerfectKeylogger in a wallpaper switcher program that I've had for months without any problem (John's Background Switcher). I can't paste the exact line because it's been cleaned out of the log, probably from the CCleaner step. But after the first reboot when I disabled UAC I did not get any more detections from Teatimer. I followed all instructions in the Readme post, the logs are attached.

Here is the virustotal result for the file I think started the problem:
https://www.virustotal.com/file/095...cf69861430cb9a9bdd05e7c0e787ee40f69/analysis/

Let me know what I should try next. I am out on vacation for the next few days so the computer will be off anyway, but I figured I should get this out in case someone can peek at it.

 

Oh right, I totally forgot I had turned on selective startup to turn off that annoying Comcast app. I will just uninstall it, EasySolve hasn't solved anything for me way back when I installed it anyway.

The 188F1432-103A-4ffb-80F1-36B633C5C9E1 folder doesn't have anything important, it looks like some installer for software on a movie DVD, must have installed when I watched one a while ago and I didn't know it was hiding out there. There is a "GEARDIFx.exe" file and an x86 folder that has what looks like your typical installer junk. Think I can get rid of it? There's also a {429CAD59-35B1-4DBC-BB6D-1DB246563521} folder with a "DIFxInstallLog.txt" that sounds like it's from the same thing, and a blue-marked (hidden) {2A431ABB-67CA-4DA3-A5A5-E9E83C97BDBC} folder with the Active Worlds installer (which I also think I could get rid of).

Doesn't seem like anything important so I'm fine with blowing all three of those away. Going to reboot and uninstall that Comcast garbage and rerun the Roguekiller, I'll reply again.

 

Here's the new RogueKiller log. Anything I need to get rid of? I don't see anything mentioned that looks like anything I desperately need, just a bunch of media apps.

I did see that Remote Potato thing that I don't use anymore is on there, I used it back when I was fiddling with Windows Media Center and it seemed to be taking up memory so I uninstalled it through Control Panel. Sorry if that messed anything up but I figured it should just go since it's not being used. I tried scanning again after I uninstalled that so that's why there's a 2 and a 3, you can skip to the 3 if you want though.

 

It's not anything I set up myself, but the task on scheduler that corresponds to this is set to run one time, at 4:54 PM yesterday. Going by the times on the RK reports it was just before I ran those. Seems like a weird task for sure.

edit: actually looking at the first RK report there's a similar line on that one:
[TASK][SUSP PATH] IHUninstallTrackingTASK : CMD /C DEL C:\Users\Ben\AppData\Local\Temp\IHUA89D.tmp.exe -> FOUND
Neither one of those EXEs is hanging around in there anymore though. What should I do?

 

Ok, there was a new version of Roguekiller so I picked that up. The program notified me when i tried scanning the first time today so that is why there's no report 4. I can attach it if you want but it doesn't look any different really. Report 5 is from deleting the items and Report 6 is after the reboot. For the moment it looks like those items stayed gone. Should I rescan some other day and see if it shows up again?

 

Yep, those items did not come back. I did notice MalwareBytes reporting an occasional unauthorized connection to Skype, is this normal?

2012/10/25 00:35:25 -0500 BEN-PC Ben IP-BLOCK 121.10.20.18 (Type: incoming, Port: 45754, Process: skype.exe)

It doesn't happen very often, and I'm thinking probably it'll also get picked up and blocked if I put in a software firewall.