Found XLDEF folder under Users Folder - keylogger?



#1
BooBoo2011

I manage a hotel in Los Angeles and recently hired an IT consultant. As he came recommended by an employee, I used him for installing and configuring security cameras.

Towards the end, he was very problematic and I ended up firing him. However, he had used my computer at times to test the internet links to the security cameras.

After he left, I found messages from WinPatrol that certain startup commands had been disabled, including WinPatrol. When I checked, I found a folder under Users/{My User Account} named XLDEF.

When I reviewed the folder, I found three VBS scripts, setup.vbs, start.vbs, and another. In addition, there were three DAT files. One had a very complex VB script. The other two files were compiled DAT files. In addition, there were over 580 files with random numbers and random extensions. When I checked some of these files, they contained only 1 entry, usually a character string starting with the letter K and a number after the K.

I have removed the entry in the registry, moved the files and directory off the hard drive, and made a copy. I am suspicious that this is a keylogger but nothing is detecting it. MSE did say it was suspicious and I sent it to them, but who knows how long it will take to find.

For obvious reasons, I have not uploaded it yet and will provide it to the right people for review.

Thanks!!!