WiredWX Christian Hobby Weather Tools
Backdoor.Tidserv!inf
I have NIS2007. It said I am infected with Backdoor.Tidserv!inf and to manually remove it. I ran ComboFix beforehand. I thought I'd be a step ahead in getting this resolved. Sorry. Please advise.
This is the log:

ComboFix 08-12-18.03 - Anoop Chacko 2008-12-20 15:20:12.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.605 [GMT 5.5:30]
Running from: c:\documents and settings\Anoop Chacko\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\resycled
c:\resycled\boot.com
c:\windows\IE4 Error Log.txt
c:\windows\system32\drivers\msqpdxcfmioakn.sys
c:\windows\system32\drivers\msqpdxdmxsmexl.sys
c:\windows\system32\msqpdxpshwsunh.dll
D:\Autorun.inf
D:\resycled
d:\resycled\boot.com
E:\Autorun.inf
E:\resycled
e:\resycled\boot.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSQPDXSERV.SYS


((((((((((((((((((((((((( Files Created from 2008-11-20 to 2008-12-20 )))))))))))))))))))))))))))))))
.

2008-12-20 14:08 . 2008-12-20 14:08 664 --a------ c:\windows\system32\d3d9caps.dat
2008-12-20 13:29 . 2008-12-20 13:29 d-------- c:\program files\Lavasoft
2008-12-20 13:29 . 2008-12-20 13:29 d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-20 13:21 . 2008-12-20 13:21 d-------- c:\program files\SUPERAntiSpyware
2008-12-20 13:21 . 2008-12-20 13:28 d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-20 13:21 . 2008-12-20 13:21 d-------- c:\documents and settings\Anoop Chacko\Application Data\SUPERAntiSpyware.com
2008-12-20 13:21 . 2008-12-20 13:21 d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-20 11:49 . 2008-12-20 11:49 d-------- c:\documents and settings\Administrator
2008-12-19 01:00 . 2008-12-19 01:00 d-------- c:\program files\7-Zip
2008-12-12 22:52 . 2008-04-14 00:15 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2008-12-12 22:52 . 2008-04-14 00:15 60,032 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
2008-12-12 22:50 . 2008-04-14 00:15 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-12-12 22:50 . 2008-04-14 00:15 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2008-12-09 02:12 . 2008-12-09 02:12 d-------- c:\windows\system32\IOSUBSYS
2008-12-02 20:59 . 2008-12-18 21:55 d-------- C:\Sitcoms
2008-12-01 17:53 . 2008-12-01 17:54 d-------- C:\Books

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-20 09:46 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-20 09:35 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-20 06:07 --------- d-----w c:\program files\MPlayer for Windows
2008-12-19 22:16 --------- d-----w c:\documents and settings\Anoop Chacko\Application Data\Skype
2008-12-19 18:51 --------- d-----w c:\documents and settings\Anoop Chacko\Application Data\skypePM
2008-12-18 06:35 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-17 20:26 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-12-17 16:15 --------- d-----w c:\documents and settings\All Users\Application Data\pdf995
2008-12-10 19:00 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-10 08:34 --------- d-----w c:\program files\Common Files\Adobe
2008-12-08 20:42 --------- d-----w c:\program files\Google
2008-11-17 20:04 2,306,113 ----a-w c:\windows\system32\GPhotos.scr
2008-11-07 16:10 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-11-07 16:10 --------- d--h--r c:\documents and settings\Anoop Chacko\Application Data\SecuROM
2008-10-26 19:09 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-26 19:09 --------- d-----w c:\program files\Vimicro
2008-10-26 19:09 --------- d-----w c:\documents and settings\Anoop Chacko\Application Data\InstallShield
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 08:43 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 08:43 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 08:42 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 08:42 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 08:39 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 08:39 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 08:39 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 08:38 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 08:36 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 08:36 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 09:04 625,032 ----a-w c:\windows\system32\SymNeti.dll
2008-10-03 09:04 242,056 ----a-w c:\windows\system32\SymRedir.dll
2008-09-30 11:13 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-26 18:11 51,716 ----a-w c:\windows\system32\pdf995mon.dll
2008-09-26 18:11 249,856 ----a-w c:\windows\system32\pdfmona.dll
2008-09-21 08:50 50,688 ----a-w c:\windows\system32\wbhelp2.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\Anoop Chacko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-01 133104]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-04-09 200704]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-01-14 771704]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2008-09-21 4376328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2006-06-29 1032192]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-18 136600]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 622653]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DriveGuard.lnk]
backup=c:\windows\pss\DriveGuard.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-01-02 17:41 45056 c:\program files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
--a------ 2007-04-13 04:46 49152 c:\windows\Domino.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-10-01 23:03 133104 c:\documents and settings\Anoop Chacko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-02 02:52 3739648 c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Registry Repair Pro]
--a------ 2005-09-08 22:14 1363968 c:\program files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZSSnp211]
--a------ 2007-04-13 04:46 57344 c:\windows\ZSSnp211.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"gusvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

Re: Backdoor.Tidserv!inf
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-18 99376]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com c:
\Shell\Open\command - c:\resycled\boot.com c:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com d:
\Shell\Open\command - d:\resycled\boot.com d:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com e:
\Shell\Open\command - e:\resycled\boot.com e:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d35e478c-8612-11dd-81ca-0015c5b785dc}]
\Shell\AutoRun\command - System\DriveGuard\DriveProtect.exe -run
\Shell\Explore\Command - System\DriveGuard\DriveProtect.exe -run
\Shell\Open\Command - System\DriveGuard\DriveProtect.exe -run

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dce1ea67-8437-11dd-8b20-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com c:
\Shell\Open\command - c:\resycled\boot.com c:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dce1ea68-8437-11dd-8b20-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com d:
\Shell\Open\command - d:\resycled\boot.com d:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dce1ea69-8437-11dd-8b20-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com e:
\Shell\Open\command - e:\resycled\boot.com e:

*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-12-20 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Anoop Chacko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-01 23:03]

2008-12-15 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Anoop Chacko.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-14 14:39]
.
.

------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = https://account.ea.com/reg/entry/subscribe-entry.jsp?ipath=12&prodId=OREG&skin=oreg&pr_platform=PC&site=eaco&locale=en_UK&pr_game=GAME-FIFA08&pr_regcode=X8MMRWM9FIFAKFLTFIFA
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {DCF1B2E6-31E2-4914-8DA7-C6AEDA1ABE2B} = 192.168.0.1
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-20 15:22:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\msqpdxserv.sys]
"imagepath"="\systemroot\system32\drivers\msqpdxdmxsmexl.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(972)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2008-12-20 15:23:15
ComboFix-quarantined-files.txt 2008-12-20 09:53:04

Pre-Run: 6,168,760,320 bytes free
Post-Run: 6,234,320,896 bytes free

231 --- E O F --- 2008-12-18 06:33:41

Re: Backdoor.Tidserv!inf
Hello.


  • Now open a new notepad file.
  • Input this into the notepad file:

    Windows Registry Editor Version 5.00

    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d35e478c-8612-11dd-81ca-0015c5b785dc}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dce1ea67-8437-11dd-8b20-806d6172696f}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dce1ea68-8437-11dd-8b20-806d6172696f}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dce1ea69-8437-11dd-8b20-806d6172696f}]
    [-HKEY_LOCAL_MACHINE\system\ControlSet003\Services\msqpdxserv.sys]


  • Save this as fix.reg, save it to your desktop.
  • Double click fix.reg to run it.
  • Select yes to the registry merge prompt.


Please download Flash_Disinfector from HERE

  • First, download it to your desktop.
  • Now double click it to run it, and it will tell you what to do when you open it.
  • It will temporarily kill explorer.exe and your desktop will go blank.
  • Let Flash_Disinfector do its job and it will restart explorer.exe for you.
  • It will make a dummy autorun.inf in the root of every drive.
  • You can now delete Flash_Disinfector.exe.


What problems remain?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
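The ComboFix log above and the fix.reg in the reply are two halves of one procedure: read the "Reg Loading Points" output, pick out the per-drive mountpoints2 shell commands and the service whose driver name does not match, then delete those keys with a .reg merge. As an added example that is not code from this thread or from ComboFix, the Python below does that triage on a log excerpt constructed from the lines quoted above, also flags the Security Center and firewall entries that were switched off, and emits the same kind of key-deletion .reg file the reply posts. The function names and the "service name differs from its imagepath file name" heuristic are this example's own.

```python
"""Added example, not code from the thread: triage a ComboFix log excerpt and
generate the kind of key-deletion .reg file that the reply above posts.

The log text below is constructed from lines quoted in this thread; the
function names and the name-mismatch heuristic are this example's own."""
import re

# Constructed excerpt: "Reg Loading Points" entries quoted in the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com c:
\Shell\Open\command - c:\resycled\boot.com c:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d35e478c-8612-11dd-81ca-0015c5b785dc}]
\Shell\AutoRun\command - System\DriveGuard\DriveProtect.exe -run

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\msqpdxserv.sys]
"imagepath"="\systemroot\system32\drivers\msqpdxdmxsmexl.sys"
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
# "\Shell\AutoRun\command - <command line>" lines under a mountpoints2 key
SHELL_CMD_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.*)$", re.IGNORECASE)
# last path element of a ...\Services\<name> key
SERVICE_KEY_RE = re.compile(r"\\services\\([^\\]+)$", re.IGNORECASE)
REG_HEADER = "Windows Registry Editor Version 5.00"


def parse_sections(text):
    """Map each [key] header to the non-empty lines that follow it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections


def find_mountpoint_hijacks(sections):
    """Any Shell\\*\\command under a mountpoints2 key runs when the drive is
    opened or double-clicked; ComboFix only lists the ones that exist."""
    findings = []
    for key, lines in sections.items():
        if "\\mountpoints2\\" not in key.lower():
            continue
        for line in lines:
            m = SHELL_CMD_RE.match(line)
            if m:
                findings.append((key, m.group(1), m.group(2)))
    return findings


def find_disabled_protection(sections):
    """Security Center notifications/monitoring off, or the XP firewall off."""
    findings = []
    for key, lines in sections.items():
        k = key.lower()
        for line in lines:
            name, _, value = line.partition("=")
            name, value = name.strip().strip('"').lower(), value.strip()
            if ("security center" in k and value.endswith("00000001")
                    and name.endswith(("disablenotify", "disablemonitoring"))):
                findings.append((key, name, value))
            elif "firewallpolicy" in k and name == "enablefirewall" and value.startswith("0"):
                findings.append((key, name, value))
    return findings


def find_mismatched_drivers(sections):
    """Heuristic (this example's own): a service under ControlSet* whose
    ImagePath file name differs from the service name, as in the log above."""
    findings = []
    for key, lines in sections.items():
        m = SERVICE_KEY_RE.search(key)
        if not m or "controlset" not in key.lower():
            continue
        service = m.group(1).lower()
        for line in lines:
            name, _, value = line.partition("=")
            if name.strip().strip('"').lower() == "imagepath":
                image = value.strip().strip('"').rsplit("\\", 1)[-1].lower()
                if image != service:
                    findings.append((key, service, image))
    return findings


def keys_to_delete(sections):
    """Keys the fix.reg should remove, in log order, without duplicates."""
    keys = []
    for key, *_ in find_mountpoint_hijacks(sections) + find_mismatched_drivers(sections):
        if key not in keys:
            keys.append(key)
    return keys


def build_delete_reg(keys):
    """A [-KEY] entry deletes the whole key when the file is merged."""
    body = "\r\n".join(f"[-{k}]" for k in keys)
    return f"{REG_HEADER}\r\n\r\n{body}\r\n"


if __name__ == "__main__":
    found = parse_sections(SAMPLE_LOG)
    for finding in (find_mountpoint_hijacks(found) + find_disabled_protection(found)
                    + find_mismatched_drivers(found)):
        print("FLAG:", *finding)
    print(build_delete_reg(keys_to_delete(found)))
```

Run as-is, it prints the flagged entries followed by a .reg body whose [-...] lines match the ones in the reply (the three listed mountpoints2 keys and the msqpdxserv.sys service). The Security Center and firewall entries are only reported, not deleted: those are values to set back, not keys to remove, and they are worth checking again after the merge because the disabling is a symptom of the infection, not part of it.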

Re: Backdoor.Tidserv!inf
Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.

............................................................................................


Have we helped you? Help us! | Doctor by day, ninja by night.
