Strange Spyware Detection Paradox

I visited a commercial customer whose 3-month old Windows XP Pro broadband-connected PC was infected with spyware.

I ran the usual spyware removal programs: Ad-Aware, Spybot, Spyblaster, CWShredder and HiJackThis. About 115 components were detected and quarantined.

But some spyware was still present, especially the about:blank browser hijacker, which could not be removed with the software programs.

I also ran Norton AntiVirus 2004, which was updated with recent definition downloads. No viruses, trojans or worms were detected. But here is the surprise: NAV detected 21 "extended threats" (Norton jargon for spyware) listed at the end of the run.

The detected spyware included: BarginBuddy, Binet (5 instances), BlazeFind, ClearSearch, ClickAlchemy, IEPlugin (4), SideSearch, WinFavorites (2), Down_Load Adware, LOP.

When I clicked on one of the "at risk files" (again Norton jargon) within the NAV list, Norton browsed me to their Symantec Security Response for each file respectively. Those web pages provided a detailed description of the threat, including behavior, symptoms, and removal procedures (usually by going to the registry and deleting specific keys). This was very helpful.

Here is the Paradox:

Using the aforementioned spyware removal tools, the 21 instances of spyware were not detected and not listed by those names anywhere. Why not?

However, when I ran NAV, and I tried to delete the "at risk files", the NAV message was "removal failed". Did NAV detect them in quarantine? No, I deleted the quaranined items detected by Ad-aware.

So, I can't detect with the usual tools, and I can't remove the 21 components with NAV, except with registry hacks. What is going on?