Just use a browser that isn't IE and you decrease the chances of any dodgy scripts etc by about 99%. Also, I laugh at the idea of binding a keylogger with a PNG image on the net. It wouldn't work because your browser doesn't "execute" the images, it would just display the image as invalid. He's pulling the wool over your eyes.