OMG, I'm getting hacked!!!

[Rumrunner]

I was installing a keylogger, and it turned out to be a keylogger for someone elses use I guess! What is going on here?

http://img.photobucket.com/albums/v636/rrrr/WTF.jpg
http://img.photobucket.com/albums/v636/rrrr/wtf2.jpg
http://img.photobucket.com/albums/v636/rrrr/wtf3.jpg
http://img.photobucket.com/albums/v636/rrrr/WTF4.jpg

This program claims that it installed itself on my computer, but I don't see it running or anything.

 

[Direwolf20]

First, calm down. You most likely aren't being hacked, but just in case, lets see whats going on here. Can you explain what you were doing, and what happened? The information you give is incredibly brief, and you show a bunch of pictures but don't explain a single thing about what they are.

Are you saying you were going to install a keylogger, but it turns out there was already one there, and it gave a message saying that it was already installed?

 

[GreNME]

1. What the hell were you doing installing a keylogger in the first place?
2. Use your antivirus to do a search and get rid of all instances of the keylogger (looks like you have NAV 2005, should work).
3. Don't ever do something like this again.

 

[MeanieMan]

Ad-aware, Spybot, Microsoft Anti-spyware
Google them, install them, run them.


Your pictures look like ass and don't explain anything.

1. What the hell were you doing installing a keylogger in the first place?
2. Use your antivirus to do a search and get rid of all instances of the keylogger (looks like you have NAV 2005, should work).
3. Don't ever do something like this again.

I use a keylogger on my machine as well so STFU.

 

[Rumrunner]

I FTP'd what I thought was a keylogger. When I ran the exe. file, it installed and then said "ENJOY BEING HACKED" See the first pic again, I reloaded it and you can see the nasty message. I did try running antispyware, norton and adaware. Its almost as if the program doesnt even exist on my computer.

 

[MeanieMan]

I FTP'd what I thought was a keylogger. When I ran the exe. file, it installed and then said "ENJOY BEING HACKED" See the first pic again, I reloaded it and you can see the nasty message. I did try running antispyware, norton and adaware. Its almost as if the program doesnt even exist on my computer.

If it didn't come up in any of those programs then you've been had, not hacked.
If there isn't an uninstall option, (I doubt there would be) delete the program folder. Then run the program name through regedit.

 

[Direwolf20]

If it didn't come up in any of those programs then you've been had, not hacked.

Not neccesarily. He could still have it.

To the OP:

I suggest taking a screenshot (or listing) all the processes running on your computer.

Press ctrl-alt-del, and click on the processes tab. It'll list everything running.

 

[Rumrunner]

Here is what the read me says. Is this a gimmick, how can i know if im really being hacked?

http://img.photobucket.com/albums/v636/rrrr/wtf5.jpg

 

[GreNME]

I use a keylogger on my machine as well so STFU.

So, I should shut the fuck up because you also run skiddie tools? Try again.

Keyloggers are, in general, not useful for anything but spying on others. If you are using such a program on others who use the computer you use, then you have a whole lot more problems than whatever you think they might be doing on that computer (trust, honesty, etc.). If you think someone is doing something wrong on the computer and it is yours, lock them the hell out of it. Using it on a spouse could very well wind up being grounds for divorce. Using it on parents is a good way to get privileges revoked when (not if) you get caught. Using it on kids is just ridiculous, since setting permissions and doing regular account auditing is more than capable of tracking what someone may be doing on the computer.

Keyloggers are malware, and if people are going to be discussing them then the rules of the forum must be seriously kept in mind here. This is not some forum to discuss how to secretly hack your spouse's, significant other's, children's or parents' various user accounts or spy on them for whatever reasons you want to use to justify them.

 

[SJConsultant]

If it didn't come up in any of those programs then you've been had, not hacked.[/URL]

Maybe... maybe not..... there are many keyloggers and rootkits that have yet to be detected. The *only* way to know for sure that the OPs system is clean is to do zero the drive and do a clean install.

 

[MeanieMan]

Not neccesarily. He could still have it.

To the OP:

I suggest taking a screenshot (or listing) all the processes running on your computer.

Press ctrl-alt-del, and click on the processes tab. It'll list everything running.

All my keyloggers come up in all three of those search programs. With a name and obvious installation folder like that, there is about a .01% this is real and yet missed by the spyware sweeps.

 

[Rumrunner]

Well, I was actually just curious about it, I thought I might learn something cool, but now I really have a problem and I need help fixing it.

 

[Rumrunner]

http://img.photobucket.com/albums/v636/rrrr/wtf6.jpg

There is my task manager...

 

[MeanieMan]

So, I should shut the fuck up because you also run skiddie tools? Try again.

Keyloggers are, in general, not useful for anything but spying on others. If you are using such a program on others who use the computer you use, then you have a whole lot more problems than whatever you think they might be doing on that computer (trust, honesty, etc.). If you think someone is doing something wrong on the computer and it is yours, lock them the hell out of it. Using it on a spouse could very well wind up being grounds for divorce. Using it on parents is a good way to get privileges revoked when (not if) you get caught. Using it on kids is just ridiculous, since setting permissions and doing regular account auditing is more than capable of tracking what someone may be doing on the computer.

Keyloggers are malware, and if people are going to be discussing them then the rules of the forum must be seriously kept in mind here. This is not some forum to discuss how to secretly hack your spouse's, significant other's, children's or parents' various user accounts or spy on them for whatever reasons you want to use to justify them.

No, you need to STFU cause you obviously have no clue how programs are classified. Or what their uses are. Keyloggers malware? WTF?
The guy asked for help and you come in here bitching at him, way to go.

 

[SJConsultant]

All my keyloggers come up in all three of those search programs. With a name and obvious installation folder like that, there is about a .01% this is real and yet missed by the spyware sweeps.

My point is the OP cannot know for 100% if his system is clean based on any spyware, AV, trojan, or other cursory scanning tools.

The *only* way to 100% if his system is clean is to wipe out his install and start from scratch.

Maybe you are willing to take risks, but maybe the OP doesn't.

 

[GreNME]

No, you need to STFU cause you obviously have no clue how programs are classified. Or what their uses are. Keyloggers malware? WTF?
The guy asked for help and you come in here bitching at him, why to go.

You're being a real ass right about now. Keylogger >> skiddie tool >> spyware >> malware.

The guy should not have been playing with skiddie tools on an environment that was not protected and sandboxed appropriately (i.e.—VMWare environment). If NAV 2005 is really installed like the screenshots seem to imply, then that should be able to do a full scan and get rid of any possible malware on the machine. After that I suggest she/he stay away from messing with keyloggers again.

 

[MeanieMan]

My point is the OP cannot know for 100% if his system is clean based on any spyware, AV, trojan, or other cursory scanning tools.

The *only* way to 100% if his system is clean is to wipe out his install and start from scratch.

Maybe you are willing to take risks, but maybe the OP doesn't.

With that kind of 100% protection mindset how are you even on the internet?
----

Now that you have a screenshot of the taskmanager start googling the process names.
If its a problem its usually on the first page of results and listed as such.

----
"Keylogger >> skiddie tool >> spyware >> malware"
That explains oh so much for how you view computers and programs.

 

[GreNME]

"Keylogger >> skiddie tool >> spyware >> malware"
That explains oh so much for how you view computers and programs.

Oh, in your great wisdom, why don't you explain to all of us what a keylogger is if it isn't a skiddie spyware tool? If you get it from some "company" for 25 bucks or you get it from one of the many wannabe "h4x0r" sites out there, it is a skiddie tool for the express purpose of spying. That classifies it as malware, plain and simple.

Give a single, serious, practical use for a keylogger.

 

[SJConsultant]

With that kind of 100% protection mindset how are you even on the internet?.

This has nothing to do with my internet habits so don't even try shifting the topic of debate. The OP downloaded a keylogger and installed on *on purpose*.

You seem to imply that a keylogger can be easily detected and removed. I say there is no 100% way to know for sure without formatting and reinstalling.

FYI commercial software companies have utilities that are undetectable and survive simple formats, thus requiring extraordinary means to remove such tools.

 

[MeanieMan]

Oh, in your great wisdom, why don't you explain to all of us what a keylogger is if it isn't a skiddie spyware tool? If you get it from some "company" for 25 bucks or you get it from one of the many wannabe "h4x0r" sites out there, it is a skiddie tool for the express purpose of spying. That classifies it as malware, plain and simple.

Give a single, serious, practical use for a keylogger.

http://www.cs.umn.edu/help/security/spyware.php

Now before I go into uses for loggers, are you saying there are zero legal ways to use one? Cause thats what malware is, which keyloggers aren't.

spyware != malware.

This has nothing to do with my internet habits so don't even try shifting the topic of debate. The OP downloaded a keylogger and installed on *on purpose*.

You seem to imply that a keylogger can be easily detected and removed. I say there is no 100% way to know for sure without formatting and reinstalling.

FYI commercial software companies have utilities that are undetectable and survive simple formats, thus requiring extraordinary means to remove such tools.

No, what I'm implying that from the info he provided this isn't one of the top dollar keyloggers. Its got an unhidden plan as day system folder and welcome message.
And you comments have everything to do with your habits. You are trying to install fear and waste this man's time with a full zero format.
You either don't see whats happening, or honestly believe every website banner requires a format. Because there is no 100% secure way to get on the internet.

 

[Red Machine D]

Hey, uh, while you guys are having your little flamewar, the OP is defecating himself in fear.

 

[GreNME]

http://www.cs.umn.edu/help/security/spyware.php

Now before I go into uses for loggers, are you saying there are zero legal ways to use one? Cause thats what malware is, which keyloggers aren't.

spyware != malware.

You're being intentionally obtuse.
Malware: "Malware (for "malicious software") is any program or file that is harmful to a computer user. Thus, malware includes computer viruses, worms, Trojan horses, and also spyware, programming that gathers information about a computer user without permission."

No, what I'm implying that from the info he provided this isn't one of the top dollar keyloggers. Its got an unhidden plan as day system folder and welcome message.
And you comments have everything to do with your habits. You are trying to install fear and waste this man's time with full zero format.
You either don't see whats happening, or honestly believe every website banned requires a format.

"Top dollar" keyloggers still get flagged by any antivirus worth its mettle, as well as most spyware removal programs. They are still malware. Just because you pay for it doesn't make it a valid program.

 

[SJConsultant]

No, what I'm implying that from the info he provided this isn't one of the top dollar keyloggers. Its got an unhidden plan as day system folder and welcome message.
And you comments have everything to do with your habits. You are trying to install fear and waste this man's time with full zero format.
You either don't see whats happening, or honestly believe every website banned requires a format.

I am providing advice that is based on sound practices surrounding computer security. If you don't agree with me then fine, but in the end it's up to the OP to decide how he wants to handle his "situation".

 

[GreNME]

Hey, uh, while you guys are having your little flamewar, the OP is defecating himself in fear.

For him and all the other Sub7 wannabes out there, this is exactly reason to not play with this shit from now on.

 

[GreNME]

The Wikipedia definition also agrees with me, as "keylogger" is listed along with other forms.

 

[ANTDrakko]

<~~ New Guy.


Now seriously people this whole thread can be put altogether reaaaal quick without any flames at all.

OP, you MAY have installed a bad Keylogger. It MAY not be able to be detected yet by any AVs or Anti-Spywares. It MAY be a trick. Honestly, none of us have a 100% definative answer.

However, you have been given some advice. That advice is to do one of the following:

-Try and remove it yourself, since nobody here is able to instruct you on how exactly to do so.

- Back up everything you deem important and wipe/reinstall your system.

Thats it. I'm sorry none of us could be of any help to you, but at least now you know and understand your options.


My personal advice? Keyloggers and similar software are prime targets for being faked and bugged. Be careful anytime you use one. /shrug.

 

[Monkey34]

I dont see anything outright bad in the process list. Problem is, as was said, you dont have a definitive way of knowing if its there or not. Even locking down all outbound internet info wont neccicarily work, because you could accidently send its log out attatched to an e-mail without knowing.
This sucks.........I hate to admit it, but a fresh wipe and install is the only way to FULLY be sure your safe. The hacker won either way..........he gets your passwords/info, or he got you to format and start over.

 

[Ranma_Sao]

It could be a joke, it could not be a joke. The only way to tell is to start over clean.

You can try booting BartPE and doing a malware scan on the offline drive, but that's not guaranteed to clean it, but it's your best chance. Problem is you cannot guarantee that you are safe, without a kernel debugger etc...

 

[Qualm]

It's a hoax. Not even a particularly good one, but it obviously can snag the relatively inexperienced.

To echo a couple other's comments - don't install stuff like that unless you KNOW what the heck you are doing.

To a couple of poster's in this thread - well written keyloggers and other types of programs that are more malicious than the average virus will NOT show up like this stupid hoax does. There are numerous ways to completely hide your malware from the user, including from the processes list.

 

[eno-on]

Install hijack this,
post the log here, we should be able to see if its an item thats been set to run. It can also tell us where the hell it is.

 

[OPUS1]

Hey, uh, while you guys are having your little flamewar, the OP is defecating himself in fear.

LOL

Would it help to scan in safe mode?

 

[Lord of Shadows]

Probably did nothing, but I would delete your partitions and reinstall before using your credit card on that machine. =)

 

[eno-on]

Install hijack this,
post the log here, we should be able to see if its an item thats been set to run. It can also tell us where the hell it is.

Here, I'll link it for you...
http://www.spywareinfo.com/~merijn/downloads.html

run it and post the log, please.

 

[odoe]

The next person to tell someone to STFU can take a vacation.

 

[Rumrunner]

Here is the hijack this log...

Logfile of HijackThis v1.99.1
Scan saved at 12:04:34 AM, on 3/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\TDS3\tds-3.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Rumrunner\Desktop\hijackthis\HijackThis.exe

O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1041463023751
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

 

[OldMX]

I'd worry if i find that keylogger disguises itself as a windows real process, like svchost.exe

0ldMx

 

[Rumrunner]

I could go through a reinstall, but I really want to beat this thing to learn something new. There has to be some way to gain control over what runs on my computer, I am ready to go to a friggin command prompt and access my kernal and shet. I want to send the maker a little message that says "DON'T QUIT YOUR DAY JOB, YOUR LITTLE PROGRAM GOT BBQ'D!!!"

 

[Oldie]

Unfortunatley those who say the only sure way is to wipe and reinstall are correct. Many loggers can be hidden from view very very well. I would also advise staying away from the "anit-keylogger" software out there. Most of them are a joke and just take your money.

And just for the record, keyloggers have many valid uses. In corporate/government environments, they're used to monitor proprietary/non-public information. Basically if it's not your box, you're subject to the choices made by the owner. Also as a parent, while I hope I would never have to resort to something like that, I'd rather invade my child's privacy than identify their body at the morgue. Good Luck!

 

[GreNME]

1. If you want to see what services svchost.exe is using, you can try simple programs like Process Explorer to check it out.
2. If your motivation is trying to "one-up" the guy who made a fool of you, stop where you are and reformat. This isn't about getting into l33t pissing matches.
3. I can tell everyone with certainty that if a corporation is using a keylogger to keep security, the IT department sucks major ass. There are so many other methods of keeping a tight audit of what the users are doing that it's unnecessary. The only thing that wouldn't be easily audited would be if someone was keeping a Notepad diary and even then the actual creation of the files would be audited, not the contents themselves. No government agency that I know of has a policy of using keyloggers for maintaining security, because any agency using tight security measures would have zero need for it with all of the other auditing in place (not to mention the privacy issues that would have to be covered by agreement). Using the "corporations and government agencies" argument is tin-foil beanie talk that holds little or no basis in fact.
4. As a parent, if you have to do that to monitor your children you have worse problems than computer use. Same if you use it on a spouse, girl/boyfriend, parent, or a friend.

To Rumrunner: I would suggest removing the msmsgs.exe from your HKLM hive and getting rid of that hosts file entry, the latter of which is merely questionable while the former is just something you likely don't use (unless you start MS Messenger when Windows starts).

 

[Rumrunner]

1. If you want to see what services svchost.exe is using, you can try simple programs like Process Explorer to check it out.
2. If your motivation is trying to "one-up" the guy who made a fool of you, stop where you are and reformat. This isn't about getting into l33t pissing matches.
3. I can tell everyone with certainty that if a corporation is using a keylogger to keep security, the IT department sucks major ass. There are so many other methods of keeping a tight audit of what the users are doing that it's unnecessary. The only thing that wouldn't be easily audited would be if someone was keeping a Notepad diary and even then the actual creation of the files would be audited, not the contents themselves. No government agency that I know of has a policy of using keyloggers for maintaining security, because any agency using tight security measures would have zero need for it with all of the other auditing in place (not to mention the privacy issues that would have to be covered by agreement). Using the "corporations and government agencies" argument is tin-foil beanie talk that holds little or no basis in fact.
4. As a parent, if you have to do that to monitor your children you have worse problems than computer use. Same if you use it on a spouse, girl/boyfriend, parent, or a friend.

To Rumrunner: I would suggest removing the msmsgs.exe from your HKLM hive and getting rid of that hosts file entry, the latter of which is merely questionable while the former is just something you likely don't use (unless you start MS Messenger when Windows starts).

Good info, you are very knowlegeable. I didn't download it to audit anyone, I just simply wanted to see how a keylogger worked, I am just the type of person to explore what I don't know. I do not want revenge on the hacker, I would like to tell him that he didn't get the best of me though; wouldn't you?