avast found 4 viruses! please help

the thing is, i’ve logged onto my paypal on this computer and if anyone is tracking my passwords, this can all come crashing down on me and make my life hell. any help would be greatly appreciated :cry:

i ran avast today and these are the infected files it picked up:

http://img243.imageshack.us/img243/2967/zzfp0.jpg

are these harmful? if so what’s the best way to remove them? thanks in advance.

edit: hijackthis log : http://www.sendspace.com/file/boqxyo

You should post a HJT log so the experts can better assist you.

Download TrendMicro HijackThis.exe (HJT) to the Desktop.

- Double-click on HJTInstall.
- Click on the Install button.
- It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
- Upon install, HijackThis should open for you.
- Click on the Do a system scan and save a log file button.
- HijackThis will scan and then a log will open in notepad.
- Copy and then paste the entire contents of the log in your post.
- Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

hi…it’s a vundo…use MBAM free or SAS free; update them prior to scanning.

This isn’t exactly Vundo. It’s a password stealing trojan.

@two, you should change all of your passwords from a computer you know is NOT infected. Read this article: Danger: Remote Access Trojans.

@ thathagat, what’s a vundo?

@evilfantasy, thanks for the help, just finished the scan but it won’t let me post it on here so i uploaded it to sendspace. i also plan to go over to my friend’s place tomorrow to change my passwords.

http://www.sendspace.com/file/boqxyo (notepad file)

Trojan.Vundo is a component of an adware program that downloads and displays pop-up advertisements. It is known to be installed by visiting a Web site link contained in a spammed email. http://en.wikipedia.org/wiki/Vundo_trojan

I may have told you wrong. The syswow64 folder is a legitimate folder for your OS.

hmm…so avast picked up a false positive? if there are any experts viewing this thread, please check the sendspace link for the hijackthis log

The folder is legitimate, the file isn’t. There is also an indication in the HJT log that you are indeed infected. The Avast team may want you to run certain tools so I would wait for one of them to come along. It’s very early (US time) right now but they will be along.

alright i’ll wait for them, thank you very much for the help evil. ;D

You seem to have two anti-virus programs installed, which is never a good idea because they fight like two dogs over a bone and leave you less secure.

If you want to keep Kaspersky, you will need to remove avast!

If you want to keep avast!, you will need to uninstall avast! and Kaspersky, then reinstall avast!, otherwise avast! may not work correctly.

I don’t know about the syswow64 folder: something about running 32-bit apps on a 64-bit system, but is it in the right place? Maybe somebody familiar with that system could confirm.

To check the detection, you could extract the file from the chest to the desktop, temporarily disable avast! and send the file to VirusTotal for analysis.

This entry looks like Vundo (deactivated?) so it would be worth running the two scanners mentioned by thathagat:

EDIT: O20 - Winlogon Notify: khfFWpOh - khfFWpOh.dll (file missing)

SUPERAntiSpyware Free
Malwarebytes’ Anti-Malware

Obviously using PayPal you want to be absolutely sure there’s nothing bad on your computer, so try some online scans:

(Disable avast! while scanning.)

F-Secure
BitDefender
Trend Micro Housecall
ESET Online Scanner

In any event, I’d recommend changing your passwords, just to be on the safe side.

When you have finished, scan for out-of-date and insecure software using Secunia Online Software Inspector (OSI) and update any vulnerable software: this will help to prevent future infections.

are you running vm ware? if yes, what os is in it…?

wow, thanks a lot for the help freewheelinfrank. how exactly do i disable avast! ? (sorry, i just got it installed onto the comp about a day ago)

@ thathagat, what’s vm ware? i don’t think so?

Just right click the icon in the Task bar and choose Stop On-Access Protection.

ok thanks.

well i uninstalled kaspersky, then uninstalled & reinstalled avast!, i think the viruses were in the chest when i uninstalled it so did i delete them by mistake?

Everything including the contents of the chest would have been removed on the uninstall.

alright well i think my computer is free of viruses. thanks again for the help everyone, greatly appreciate it. :slight_smile:

You’re welcome.

Stick around and browse the forums, especially the sticky topics at the top of each of the forums, not to mention the avast help file. They provide a wealth of information to help you get the best from avast.