Running Comcast Norton Security Suite 3.8.0.41 and Win XP SP3 with everything up to date.
I was infected with the Tidserv trojan and ran the Symantec Backdoor Tidserv removal tool, which found it and indicated it was removed. However, Norton then started quarantining the trojan Zefarch. I followed the Symantec instructions for removal, deleting the registry entries. NSS no longer found Zefarch, and the suspicious processes with garbled names that were starting were eliminated (rundll32 wmpil or something like that).
To be safe, I turned on advanced events monitoring, and when Firefox started, I got "A process is attempting to perform keylogging activity. Source: d:\Program Files\Firefox\firefox.exe Type: Key/Keyboard data polling" and blocked it, which resulted in the inability to type or use the mouse in Firefox. I went back and uninstalled Firefox, deleting all Firefox folders and registry entries I could find. I followed this with scans by NSS, SUPERAntiSpyware, Norton Power Eraser, Sophos Anti-Rootkit and Malwarebytes in safe and regular modes, which found some minor adware issues but not Tidserv or Zefarch, after which I used Norton, CCleaner and Glary Utilities to clean the registry.
Reinstalled Firefox ver 4 and I am still getting the "keyboard data polling" alert, but no other symptoms of an infection such as redirects, and IE works fine - so am I still infected or is this a false positive?
Thanks in advance for any help.
gary