whenever i got a keylogger, i wouldnt remove it before having some fun
get some packet capturing software, find where the keylogged files are going, the packets are unencrypted(coz it needs to be small) so the username and password for the FTP or email will be there for all to see.
once you get that, go to the FTP where all the logs are, change the password, and heres the kicker:
most keyloggerer's end up keylogging themselves when they first make the keylogger, to test it. they dont worry about it because, well, they dont realise anyone will be smart enough to get into their FTP
sort through all the txt files he has in there, log onto each of the accounts, until you find one that has ALOT of items on it, but specifically, the items will be alot of doubles, i.e. 20 sets of full rune for no reason.
this is your guy. now just trade it off to an alternate account, and voila, foiled keyloggerer.
this was probably one of the most profitable things i ever did on RS.