Well, if Spybot found the keylogger, there is no doubt that it is there, but have you ever logged into your Paypal account through a PUBLIC computer, such as at a school or a library or an internet cafe? Perhaps a wireless computer, or a friends computer? Have you ever clicked an email link to log into Paypal?
Considering it was an issue over the internet, it is hard to say if it was that keylogger that did it, but it is likely. If you are runing a pirated version of Windows, it could be that it may have been BUNDLED with the OS upon installation, which I wouldn't doubt.
Sorry about the Alleged part, I mis-read your original post, where it said "but i know the punk", and that is how I was wondering about the physical access to the machine, wasn't questioning wether or not the theft took place.
Anyways, if you haven't already done so, File a transaction dispute with Paypal ASAP......
https://www.paypal.com/cgi-bin/websc...fileWhat=claim