There's no hard and fast way to protect your corporate networks from keyloggers and such.
There shall be multi-faceted ways to deal with the situation (or protect your office network from harm), and it will cost a bit of money.
To start: if your environment is in a Windows AD situation, make sure most users, including your management level, don't have too many rights beyond what's needed. Lock the user accounts down whenever possible.
2nd: make sure you have a valid AV solution on all PCs.
3rd: restrict users' internet access to only their job-related sites. Use filters like Websense and rigidly enforce them. Don't give anyone access beyond what's needed (work-related) on the network.
4th: set all your PCs, servers, etc. to aggressively obtain updates and force them to update on a regular basis: e.g. every 2nd Tuesday (or sometimes even the 4th Tuesday of the month).
5th: when possible, have email filtering appliances at the gateway level to filter out unwanted spam and luring emails (with HTTP redirection to a spammy or malicious site).
6th: for those who need internet access, have Malwarebytes installed to protect the browser from BHO hijacking, malicious JavaScript, malformed XSS or HTML, etc.
7th: consider the use of a power DNS host such as OpenDNS, etc. to protect online activities from being misdirected to questionable/malicious sites, including those potential activities triggered by keyloggers, etc.
8th: always start with a clean PC image with AV installed and configured. Never try to salvage an infected PC and put it back into the network/in-service.
9th: use an effective firewall on the network border side.
10th: set a computer usage/internet policy within the corporate environment and have all staff acknowledge and sign it. This will help in properly enforcing safe/proper internet usage and protect from abuse.
Good luck.
Q.
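
The following is an added example, not part of the post above: a PowerShell check that audits one Windows PC against three of the listed items (restricted rights, working AV, regular updates). It assumes Windows 10 / Server 2016 or later with Microsoft Defender as the AV product; the function name and both thresholds are hypothetical.

```powershell
# Added example: audits the local PC against items 1, 2 and 4 of the checklist.
# Assumptions (not from the post): Microsoft Defender is the AV product,
# and the thresholds below are hypothetical values to tune per site.
$MaxSignatureAgeDays = 3     # assumed limit for AV definition age
$MaxPatchAgeDays     = 35    # assumed: one monthly patch cycle plus slack

function Test-WorkstationBaseline {
    $findings = @()

    # Item 1: list who holds local administrator rights.
    # S-1-5-32-544 is the well-known SID of BUILTIN\Administrators.
    $admins = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue
    foreach ($member in $admins) {
        # RID 500 = built-in Administrator, RID 512 = Domain Admins; review the rest.
        if ($member.SID.Value -notmatch '-(500|512)$') {
            $findings += "Local admin to review: $($member.Name) ($($member.ObjectClass))"
        }
    }

    # Item 2: AV present, running and current.
    $av = Get-MpComputerStatus -ErrorAction SilentlyContinue
    if (-not $av) {
        $findings += 'Defender status unavailable: confirm another AV product is installed'
    } else {
        if (-not $av.AntivirusEnabled)          { $findings += 'Antivirus engine is disabled' }
        if (-not $av.RealTimeProtectionEnabled) { $findings += 'Real-time protection is off' }
        if ($av.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
            $findings += "AV signatures are $($av.AntivirusSignatureAge) days old"
        }
    }

    # Item 4: how long since the last update was installed?
    $last = Get-HotFix | Where-Object { $_.InstalledOn } |
            Sort-Object InstalledOn -Descending | Select-Object -First 1
    if (-not $last) {
        $findings += 'No installed updates recorded'
    } else {
        $age = ((Get-Date) - $last.InstalledOn).Days
        if ($age -gt $MaxPatchAgeDays) {
            $findings += "Last update $($last.HotFixID) was installed $age days ago"
        }
    }

    return $findings
}

Test-WorkstationBaseline | ForEach-Object { Write-Warning $_ }
```

An empty result means the PC passed all three checks; each warning line names the checklist item that needs attention.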