Are you looking to detect it? Most current AV software should pick up on it unless the attacker buried it in a rootkit with anti-AV measures. Most enterprise installs of AV contain heuristic scanning which can sometimes pick up on them. Also are you looking to detect physical keylogging devices? You may also want to look into some rootkit detection software (rootkit revealer comes to mind). It might pick up on rootkits that may be hiding keyloggers.
Another way to try and detect is by utilizing more advanced firewall rules. Be sure to block outgoing traffic, might even want to do a block all on the specific system and let all traffic hit the wall. Run a local packet sniffer on the interface (rawdump is nifty or Wireshark). That way you can see if any apps are trying to send out traffic even though you have nothing opened. Its not the keylogger that is the troubling part, but the data it is sending.
hope this helps. Now you got me a little more curious on the topic...