Hello nora-b,

Could you clarify which Norton Product (NIS, NAV, 360) and Version you are running?  (Main UI, Support > About - version number should be right there)

"I also run NEP.exe, and it found a couple of things it fixed, but the problem still exists."  Do you mean the Norton Power Eraser?  If so, what items did it present as needing to be fixed? This is important.

The support document you cite is for Symantec Endpoint Protection which is a corporate version. Please disregard that document unless you are using SEP.

Thanks!

I am running Norton Antivirus 2012 v.19.7.1.5

Sorry for the misspell, yes, I run Norton Power Eraser.  Two things were fixed, but I don't know what they were and cannot find a  log . . .  Do you know where this would be located?

To read the logs, follow the instructions at this link.

You should be able to copy the XML file and save as a .txt file (Notepad) and attach to your next post.

See the attached log created by the NPE run.

I am sorry, but there is virtually nothing there to read.

Did you copy the entire xml file and paste it into notepad?

this is weird . . . when I click on the link in the post, it brings up the file with contents, and I also see the text in the file I saved.  So, to make it easier, I'm going to include the last part of the log in here, where you can see the things that were fixed (or where I thought they were described last).  (If you'd like to see the entire file, I can try again to attach the file or maybe send it to you via email--let me know).

========================

<Analyze DateAndTime="Saturday, 02 June 2012 Time: 09:40"><Infections_Detected><DRIVERS Count="0"/><SERVICES Count="1"><Service ID="1"><File_Information><Path>c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe</Path><FileVersion><></FileVersion><ProductVersion><></ProductVersion><ProductName><></ProductName><Company><></Company><Copyrights><></Copyrights><MD5>BC7E53021A58F10197C098D651A71405</MD5><SHA256>AC4704233F057167B9610D722B498E930D3C3DA20BC1A987F9772BD8E772D13B</SHA256><FileSize>753504</FileSize></File_Information><SideEffectsa Count="2"><File>c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe</File><RegistryKey>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WPFFontCache_v0400</RegistryKey></SideEffects></Service></SERVICES><PROCESSESp Count="0"/><LAYERED_SERVICE_PROVIDERS Count="0"/><DESKTOP_SHORTCUTS Count="0"/><AUTORUN_FILES Count="0"/><STARTUP_ITEMS Count="0"/><BROWSER_HELPER_OBJECTS Count="0"/><BROWSER_TOOLBARS Count="0"/><BROWSER_PLUGINS Count="0"/><SHELL_EXTENSIONS Count="0"/><EXPLORER_PLUGINS Count="0"/><DIRECTORIES Count="0"/><FILES Count="0"/><SYSTEM_SETTINGS Count="0"/></Infections_Detected></Analyze><RemoteScan DateAndTime="Saturday, 02 June 2012 Time: 09:40"><Infections_Detected_By_Remote_Scan><DRIVERS Count="0"/><SERVICES Count="0"/><PROCESSES Count="0"/><LAYERED_SERVICE_PROVIDERS Count="0"/><DESKTOP_SHORTCUTS Count="0"/><AUTORUN_FILES Count="0"/><STARTUP_ITEMS Count="0"/><BROWSER_HELPER_OBJECTS Count="0"/><BROWSER_TOOLBARS Count="0"/><BROWSER_PLUGINS Count="0"/><SHELL_EXTENSIONS Count="0"/><EXPLORER_PLUGINS Count="0"/><DIRECTORIES Count="0"/><FILES Count="0"/><SYSTEM_SETTINGS Count="0"/></Infections_Detected_By_Remote_Scan></RemoteScan><Remediate DateAndTime="Saturday, 02 June 2012 Time: 09:40"><Infections_Selected_For_Remediation><DRIVERS Count="0"/><SERVICES Count="1"><Service ID="1"><File_Information><Path>c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe</Path><FileVersion><></FileVersion><ProductVersion><></ProductVersion><ProductName><></ProductName><Company><></Company><Copyrights><></Copyrights><MD5>BC7E53021A58F10197C098D651A71405</MD5><SHA256>AC4704233F057167B9610D722B498E930D3C3DA20BC1A987F9772BD8E772D13B</SHA256><FileSize>753504</FileSize></File_Information><SideEffectso Count="2"><File>c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe</File><RegistryKey>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WPFFontCache_v0400</RegistryKey></SideEffects></Service></SERVICES><PROCESSES: Count="0"/><LAYERED_SERVICE_PROVIDERS Count="0"/><DESKTOP_SHORTCUTS Count="0"/><AUTORUN_FILES Count="0"/><STARTUP_ITEMS Count="0"/><BROWSER_HELPER_OBJECTS Count="0"/><BROWSER_TOOLBARS Count="0"/><BROWSER_PLUGINS Count="0"/><SHELL_EXTENSIONS Count="0"/><EXPLORER_PLUGINS Count="0"/><DIRECTORIES Count="0"/><FILES Count="0"/><SYSTEM_SETTINGS Count="0"/></Infections_Selected_For_Remediation></Remediate></Session0></Norton_Power_Eraser_Information>

========================

I forgot to mention that, since yesterday when I killed the "svchost.exe -k netsvcs" offending service (as it was eating up memory), it has not restarted by itself again, as it did since Monday.  This has not happened in spite of me opening many applications (i.e., IE, Quicken, Outlook, Notebook, WordPad, Excel).  Also, I did not change anything, and I am really afraid to reboot or change something - maybe if I keep the box up forever it will stay this way ;-)    I do have some security patches to install, though . . .

Hello nora-b,

The Norton Power Eraser is a very aggressive tool and has the potential to generate false positives.

I cannot tell from your log if the items removed were infected or legitimate.

I will try to call in some other help to better determine if you have a serious infection.

" I do have some security patches to install, though . . ."   What security patches need to be installed?

Security pathes:

- a bunch of .NET ones that I have not been able to install even before the issue being discussed here

- MS Office patches that recently were distributed, but which I could not install in this past few days because the "svchost.exe -k netsvcs" process would consume memory faster than the patch installation could finish

BTW, I stated that there was no "svchost.exe -k netsvcs" process running after the last time I killed it yesterday, but it is not correct.  It actually is running but now without consuming memory.

Thanks so much for your help!