Hello Daffy,
Well, some malicious users are too clever to get caught. When you use a legitimate program or packer or tool for malicious purposes (reverse it), the regular AV products cannot help you. You have to log and monitor yourself against that. If the admin is sloppy and has not changed the name of the keylogger by default, you can look it up on the net (Google after this). They always have some advance over you, though. For instance, there is a good DOS application of 12 kb that I have on a diskette; I install this firewall on your workstation and it runs under DOS and blocks ports for certain services. It is very hard for you to find it; only if you have fully monitored your OS with all the hashes and all the registry do you stand a chance. Regular programs cannot alert against misuse of other regular programs, even if it is adware; they find themselves in court, as was the case with ZoneAlarm and 180solutions. So prevention is always better than to cure a situation. Use SSM, system monitoring and checksum programs, know what is running on your comp; there are sites on the net listing every exe and dll as such, checksums included, as the man intended the program.
Use no script, because script runs on your machine and tells whatever it finds on your machine, and inside your browser. Recently we saw a lot of non-intentional installs of spyware and adware in Firefox, because people misinterpret a pop-up like "click here to continue" for a genuine MS prompt; IE with SP 2 is slightly better protected there. Know what you are doing, and "put AVAST po tanken",
greets from near Rotterdam,
polonus
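
Added example, not part of polonus's post: a small checksum baseline of the kind the post recommends, which records a SHA-256 for every file under a directory and later reports files that were added, removed or changed. The function names and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk=65536):
    """Hash in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(root):
    """Map each file under root (relative path) to its SHA-256."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            result[rel] = sha256_file(full)
    return result


def compare(baseline, current):
    """List files that appeared, vanished, or changed since the baseline."""
    both = baseline.keys() & current.keys()
    return {"added": sorted(current.keys() - baseline.keys()),
            "removed": sorted(baseline.keys() - current.keys()),
            "changed": sorted(p for p in both if baseline[p] != current[p])}


def demo():
    """Constructed sample: baseline a directory, alter it, compare."""
    files = {"bin/editor.exe": b"v1", "bin/helper.dll": b"lib", "readme.txt": b"hi"}
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "bin"))
        def write(rel, data):
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        for rel, data in files.items():
            write(rel, data)
        baseline = snapshot(root)
        write("bin/editor.exe", b"v1-patched")       # known binary replaced
        write("bin/unknown.com", b"\x00" * 12288)    # small unknown file dropped in
        os.remove(os.path.join(root, "readme.txt"))  # file deleted
        return compare(baseline, snapshot(root))
```

Calling `demo()` returns the three lists for the constructed directory. In real use the baseline has to be stored somewhere the monitored machine cannot rewrite, otherwise whoever changes a file can also update its recorded hash.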