RESTART REQUIRED - never ending NAV 2009 pop up message loop

Update:

 

1.  Norton AV 2009 - after a full scan, there are no Unresolved Threats.  

     All items in Quarantine have "Removed" status.

     Haven't found any threats/viruses since 4/3 - Vundo, as noted above.

 

1.1  Windows Defender:  ran a full scan - clean

 

1.2  Malwarebytes:  ran a full scan - clean.

 

2.  HijackThis TrendSecure report link - http://hjt-data.trendmicro.com/hjt/display_data.php?report=9553970

 

3.  HijackThis log file:   (Complete log available too, not posted here)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:13:38 AM, on 4/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

 

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155049269703
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127181626132
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - file://D:\Bin\html\files\MotivePreQual.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--

End of file - 6407 bytes

Message Edited by NickGeo on 04-06-2009 09:42 AM
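A triage sketch for the HijackThis log above, added here as an example; it is not part of the original thread or of HijackThis itself. It groups autostart entries by executable so that a binary launched from more than one section (an O4 Run key and an O23 service, for instance) stands out, and it lists services whose owner field reads "Unknown owner". The sample lines are copied from the posted log, the function names are illustrative, and the parser assumes service names contain no " - ".

```python
import re
from collections import defaultdict

# Sample input: six lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")                 # "O4 - ...", "R1 - ..."
EXE_PATH = re.compile(r"[A-Za-z]:\\[^\"]*?\.exe", re.I)    # first full .exe path

def parse_entries(log):
    """Return (section, detail) for every HijackThis entry line."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def triage(log):
    """Summarise entries that deserve a second look during review."""
    sections_by_exe = defaultdict(set)
    unknown_owner, relative_run = [], []
    for section, detail in parse_entries(log):
        exe = EXE_PATH.search(detail)
        if exe:
            sections_by_exe[exe.group(0).lower()].add(section)
        elif section == "O4":
            # Run entry with no full path: resolved through the search path.
            relative_run.append(detail)
        if section == "O23":
            # O23 layout: "Service: <name> - <owner> - <path>"
            name, owner, _ = detail[len("Service: "):].split(" - ", 2)
            if owner == "Unknown owner":
                unknown_owner.append(name)
    # Executables referenced from more than one autostart section.
    shared = {p: sorted(s) for p, s in sections_by_exe.items() if len(s) > 1}
    return {"shared": shared, "unknown_owner": unknown_owner,
            "relative_run": relative_run}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

On the sample lines this reports PifSvc.exe as started from both O4 and O23, Symantec Core LC as the one service with an unknown owner, and RTHDCPL as a Run entry without a full path.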

Update:   Following up on the suggestion to run a SUPERAntiSpyware scan. 

 

I have the list of adware.tracking cookies, though I won't post them here. 

The trace source scan results are posted below:


Trace.Known Threat Sources
 C:\Documents and Settings\username 2\Local Settings\Temporary Internet Files\Content.IE5\CXU7G1MJ\footer_dots[1].gif
 C:\Documents and Settings\username 2\Local Settings\Temporary Internet Files\Content.IE5\89UBKLIR\CA23OL2R.htm
 C:\Documents and Settings\username 2\Local Settings\Temporary Internet Files\Content.IE5\CXU7G1MJ\shopica_logo_bott[1].gif
 C:\Documents and Settings\username 2\Local Settings\Temporary Internet Files\Content.IE5\8TEZS9UR\shopica_logo_top[1].gif
 C:\Documents and Settings\username 2\Local Settings\Temporary Internet Files\Content.IE5\8TEZS9UR\ads[1].htm
 C:\Documents and Settings\username 2\Local Settings\Temporary Internet Files\Content.IE5\8TEZS9UR\search[1].htm
 C:\Documents and Settings\username 2\Local Settings\Temporary Internet Files\Content.IE5\CXU7G1MJ\CA7Y4ZJX.htm
 C:\Documents and Settings\username 2\Local Settings\Temporary Internet Files\Content.IE5\8TEZS9UR\sp[2].gif
 C:\Documents and Settings\username 2\Local Settings\Temporary Internet Files\Content.IE5\89UBKLIR\js[2].js
 C:\Documents and Settings\username 2\Local Settings\Temporary Internet Files\Content.IE5\CXU7G1MJ\style[3].css
 

 

Hi

 

Do you have more than NIS/NAV 2009 installed in terms of Symantec products??  

 

Quads

 

 

Seeing as the malware scans are coming up clean AND if NAV2009 is the only Norton product you are currently using, please do the following (make sure you have a good copy of the NAV installation file you have downloaded earlier):

 

1. Uninstall LiveUpdate from Add/Remove Programs.

2. Uninstall NAV2009 from Add/Remove Programs.

3. Reboot computer into safe mode.

4. Run NRT tool. Do not reboot yet.

5. Use Windows Explorer to search for and delete

C:\Program Files\Norton*

C:\Program Files\Symantec

C:\ProgramData\Norton*

C:\ProgramData\Symantec

6. Reboot into Safe Mode.

7. Run NRT (just to be sure; this one may take awhile as there should be very little for it to find; this is quicker if it finds a matching product instead of having to go through the entire list of MSI, however...)

8. Reboot into Normal mode and set up Vista to do a 'Clean Boot' ( directions are here ).

9. Boot into 'Clean Boot' and install NAV2009.

10. Reboot into 'Clean Boot' and check NAV2009 is running properly.  Update until update says no more to load.

11. Reboot into 'Clean Boot' - final check that all is ok.

12. Undo the 'Clean Boot' (you can enable start up items one at a time to check if there are any conflicts but you should be able to start normally now)

13. Boot into normal mode and enjoy.

 

IF you have any problems with this please tell us at what step it occurs. (Your HiJackThis log looked very clean so you should have no problems with this.) 

The reason I asked if there is another product from Symantec installed other than NIS/NAV 2009 is that if the thread starter DOES, the HijackThis log is OK, well sort of.

If the thread starter DOES NOT, the HijackThis log shows that there is on startup etc. which then doesn't seem to match

 

Quads 

Saw that;  why I asked “IF NAV was only product…”

Why 2 entries in the O4 section is a bit strange anyway

 

Quads 

Time will tell if we ever hear back.


dbrisendine wrote:

Seeing as the malware scans are coming up clean AND if NAV2009 is the only Norton product you are currently using, please do the following (make sure you have a good copy of the NAV installation file you have downloaded earlier):

 

1. Uninstall LiveUpdate from Add/Remove Programs.

2. Uninstall NAV2009 from Add/Remove Programs

 

..........  << see above post for details >>


Solution!   Thank you dbrisendine -- The reinstallation procedure was sufficient to remove the popup.

 

NAV2009 correctly managed product licensing.

I was concerned about this, because the machine had 357 days left on this year's subscription. 

I'm always amazed when things work the way you would expect - this was the third PC installed on a 3-machine subscription pack.

 

NAV2009 was the only installed antivirus utility.   Microsoft Defender is the installed spyware utility.

 

This machine is one of 13 that I maintain for this non-profit organization.   Sorry if the delay in implementing suggestions wasn't real-time, their office is not on my typical commute path, thus when I did visit, it was before or after my day job.

 

 

<soapbox>

I am disappointed that Symantec Staff didn't jump in on this thread.  In 20/20 hindsight, this was a corrupt software state/bug situation, NAV2009 was just confused.  The reinstall addressed this issue well.  

 

Discoverability of Symantec Support is very poor.  I searched unsuccessfully to find how to directly enlist their support.  

I'm thankful only for their support of the user forum. 

 

NAV2009 seems to be a complete application re-write.  

From my experience maintaining >40 PCs, the NAV2009 isn't the installation time-kill that NAV2008 proved to be. 

Further, it seems to better utilize CPU idle time, and doesn't drag the machines' interactive performance down.

</soapbox>