OK, here's the scenario.

A friend of mine has fallen out with his girlfriend. She has a friend who's fairly techy, but not really more so than most.

Anyway, his girlfriend has been able to re-produce his MSN conversations and what websites he has visited. She says her friend (who lives in Oz) is getting the info. My friend runs Kaspersky Internet Security (although he has previously run Avira free edition in addition to Zonealarm) on Windows XP SP3. Now, a virus scan turns up nada. Spybot et al turn up nada.

How is he/she doing this?

Manual searching over logmein or msn remote assist?

He definitely doesn't have logmein installed. Remote assistance is a possibility, but I don't think he's stupid enough to just accept a request.

I'm thinking possibly malware/rootkit distributed via MSN?

Does MSN log conversations to the server? If so has he changed his MSN password recently?

Does he have a Google account? If so does that log his search history? Has he changed that password recently?

His password for both is fairly complex, although you've just raised a good point - I'm not sure how easy his secret questions are to guess, especially for someone as close as his girlfriend.

If she's got access to his machine she can get the logs easily

What's the best course of action then?

So far we've wiped the machine (boot and nuke ftw!) and re-installed Windows (despite my insistence of using Linux). We've got Kaspersky et al up and running. He's now going to change passwords and secret answers to his account.

Is there anything else we should be doing?

EDIT: I should also make clear that any access to his machine would only be possible remotely. I don't think she'll be remaining his girlfriend anymore either.

Have you nailed down the firewall on the router? Have you also left the modem off for a few hours so he gets a new IP?

That should help to shake off the guy in Oz, if it is actually him who is somehow getting the info.

He hasn't done something monumentally stupid like leave default access codes for the router and set it to accept connections from the internet? The guy could have got in that way if he has.

Er, it's a BT Home Hub so I have no idea, it doesn't let you keep the defaults though.

Thanks for the firewall/turning router off tip, I'll pass it on.

As it happens, she's now ex-gf, so hopefully that's problem solved.

Well the msn conversations.. do you mean ALL of them with everyone?

Or just ones with her (in which case they would be saved on her hard drive, as MSN gives the option to save all conversations you have).

Also... you sure it wasnt just a cookie that is tracking her website visiting.. could be transmitted easily enough...