Theres a few shady people out there trying to get you to download their keylogger so they can steal your passwords to gain access to your Bank account or Cabal account.
If you feel that you may have a logger on your computer (or even if you dont) the best thing you can do is close down all your open ports, close down all uneccessay apps and services which might need access to the net, and then monitor your ports and use a packet sniffing program to trace the IP address the keylogger sends your keystrokes to.
Then either contact the Police to see if they can have their PC confiscated, contact their Internet Service Provider (which will most likely inform the Police) or just send to the G-M staff.
First see what ports you have open by going to:
You will see what ports are open and whats keeping them open. Most ports can simply be closed by going into your services and choosing to disable them from starting up when your computer boots up.. e.g, if you wanted to close the port ALG leaves open then you would go to..
in prompt type Netstat -abno
Navigate to Application Layer Gateway, right click and choose Properties, in Startup Type choose Disabled (or Stop and then do Netstat -abno in Cmd to see if thats the service that closes the port).
You should be VERY careful with what services you disable as some can end up messing up your Windows, like, not having the Start Menu appear when you bootup Windows and the only way you could repair it would be to enable the service through Recovery Console on the XP CD or by re-installing Windows if you didnt know how. Services you should never touch would be ones like DCOM, RPC and COM+. If you have doubts on the service you want to disable visit here and check the name to see if its a needed service.
You may still have some ports which will refuse to close, if thats the case then try downloading the Windows and Worms Door Cleaner which should be able to shut down them troublesome ports.
Some keyloggers run from folders or just the standard Run registry keys so check at what you have at Windows bootup, first at:
If theres nothing shady in there, look in
If all clear goto:
and look in either of these reg key subfolders
Once you have closed all open ports and stopped applications like Windows Update, Windows Messenger etc from starting up after youve rebooted your PC, its time to use a packet sniffing program to see if anything is on your computer trying to call home.
HKEY_USERS <- subfolders in this folder
and navigate to:
see if theres anything in the Run / RunOnce / RunOnceEX folders.
If theres anything in there that shouldnt be, delete.
If Windows XP 64 bit, there should be another folder to check
and once again look in the Run / RunOnce / RunOnceEX folders
WireShark is a good program that will monitor your network connection and tell you the IP's your PC is trying to communicate with. Leave it running for about an hour and a half to see if theres any network activity, you may see some coming from your modem/router etc but you should be able to easily distinguish whats legit traffic and whats dodgy, whats incoming and whats outgoing.
If you have something dodgy on your PC you need to find the exe thats trying to send out all your data. Try using an anti-virus program or free anti-spyware programs like Lavasoft, Spybot or HiJackThis to see if they can track it down, if they do DONT delete but instead compress the exe using Winrar or Winzip.
Once you have the IP (and preferably the keylogging program), pass it onto the GM's at the Support Center. With a bit of investigating the person in question should then eventually get banned and your items returned.
You may also want to track where that keylogger came from to prevent other users getting infected! If you have a website in mind where it probably came from then try using a monitoring program like SpyEx which can view not only everything thats running in your Windows background but it can also show scripts etc thats hidden in the webpage your viewing (alot quicker than having to View Source all the time.)
Once again once youve tracked down the offending site, include the site name with your proof when you send to the GM's. If you dont want to inform official authorities G-M's might do that for you.
Also try reading Nicolai's post about security.
Always stay safe people and only trust those close to you.