Norton - Connectivity To This Website Is Not Secure

Oh My! · Thursday at 9:03 PM

Thank you again for your patience.

Now that Norton is removed we are going to monitor the system to see if behavior causing the Norton pop up to appear is still present. Even though a pop up won't appear, Process Monitor should capture the activity, if it occurs.

Please do this.

===================================================

Process Monitor Utilizing Customized Import Configuration File

--------------------

If necessary, download Process Monitor and save it to your Desktop

Download MG.pmc and save it to your Desktop

Right click on ProcMon and select Run as administrator

Hit the Ctrl + E keys at the same time to stop capturing events

Hit the Ctrl + X keys at the same time to clear the display

Click Filter, then Reset Filter

Click File, then Import Configuration...

Double click on the MG.pmc file

On the bottom left hand corner of the Process Monitor screen confirm it says No events (capture disabled)

Hit the Ctrl + E keys at the same time to start capturing events (capture disabled should disappear)

Allow Process Monitor to continue running until appex-rf and/or akamaitechnologies appears

When an event occurs hit the Ctrl + E keys at the same time to stop capturing events

Click File, Save, and save the file onto your Desktop using the default file name

Please zip and upload the file to GoFile or the file hosting site of your choice and post the download link in your reply.

===================================================

Things I would like to see in your next reply.

Download link

Fishhead · Thursday at 9:35 PM

Just a thought. My computer has been running since its last boot for several hours. What ever was causing the popup could have already done whatever it was trying to do. Should I reboot and then run the ProMon program?

Oh My! · Thursday at 9:42 PM

Yes, reboot and let it continue to run. Nothing will show up on Process Monitor except for appex-rf and/or akamaitechnologies so it should not be a long list.

Fishhead · Thursday at 10:45 PM

How long should I let it run before giving up? It has been going now for about one hour and no hits.

Oh My! · Thursday at 11:03 PM

Based on our previous experience I think you should have gotten a hit by now. It seems Norton initiated then blocked access to the site.

Do you want to reinstall Norton?

Oh My! · Thursday at 11:09 PM

I am logging off for the evening, didn't want to leave you hanging.

Fishhead · Thursday at 11:22 PM

I have shut ProcMon down. I will go to the Norton site and reinstall. See what happens.

Fishhead · Friday at 1:50 AM

I reinstalled Norton from their website. I set the notifications to mute (do not block) and then I rebooted the computer.

It has run for 2 1/2 hours and no pop notifications have occurred.

Anything else that I should do? and any speculation on what was causing the pop up issue?

Oh My! · Friday at 9:39 AM

Set Norton to block suspicious web activity and see if the pop up returns.

Fishhead · Friday at 11:06 AM

It's back. Booted the computer and went and had breakfast. When I returned the pop up was on the screen.

Oh My! · Friday at 2:46 PM

If you close that window how long does it take for another pop up to appear?

Fishhead · Friday at 4:49 PM

Sorry for the delay. The reappearance is variable, but often it seems like 10 to 15 minutes.

Oh My! · Friday at 4:56 PM

Thanks.

When you are able to live without Firefox/Thunderbird for 30 minutes or so please do this. Let me know if the pop ups stop.

Click Start, type cmd then select Run as administrator

Individually copy and paste each line below then hit Enter. Either confirm the processes stopped or are not started for each command.

taskkill /f /im Firefox.exe
taskkill /f /im Thunderbird.exe

Monitor for pop up behavior

===================================================

Things I would like to see in your next reply.

Pop ups stop?

Fishhead · Friday at 6:28 PM

Ok, I did it. Taskkill works in the directory of the program, so it took a bit to change directories at the command prompt. Taskkill only closes the program if it is running, so it seems.

Bottom line the popup continues to appear.

Oh My! · Friday at 8:45 PM

Please do this.

===================================================

Searching Certificate Manager Database

--------------------

Hit the Windows Key + R at the same time

Type mmc then hit Enter

Click File then Add/Remove Snap-in...

Left click on Certificates to highlight the line then click Add

Select My user account, click Finish, then OK

Close the Console window then click Yes to save the settings

Hit the Windows Key + R at the same time

Type certmgr.msc and hit Enter

Left click on Certificates - Current User to highlight the entry

Click Action then Find Certificates...

To the right of Contains: type Azure

Click Find Now

If any Certificates are found double click on the entry then click the Details tab

Check the Valid to line and see if the Value (date) shows current or expired

===================================================

Things I would like to see in your next reply.

Results

Fishhead · Friday at 8:54 PM

Could not find mme? attached

Oh My! · Friday at 8:55 PM

Try mmc

Fishhead · Friday at 9:11 PM

Going blind.

Fishhead · Friday at 9:17 PM

No certificates found.

Oh My! · Friday at 9:36 PM

Now this please.

===================================================

Reviewing Firefox Certificates

--------------------

Launch Firefox

Copy and paste the below in the address bar and hit Enter
Code:
about:preferences#privacy
Scroll down to Certificates

Click on View Certificates...

Click on the Servers tab and look for Azure

Click on the Authorities tab and look for Azure

Report the results in your reply

===================================================

Things I would like to see in your next reply.

Results?

Fishhead · Friday at 9:58 PM

Azure was not listed in either Servers or Authorities.

Oh My! · Friday at 10:02 PM

Thanks for going through all of that.

What I would like to do is run Process Monitor using the instructions from Post #101. With Norton installed I want to verify appex-rf and/or akamaitechnologies are both detected. If that occurs we are going to uninstall Norton once again and run Process Monitor in the same manner to verify the entries are not being detected.

I have found no research information indicating the pop up is related to anything other than an older version of Chrome (checked Firefox as well) but our lengthy investigation seems to indicate Norton itself may be the issue. I want to intentionally isolate and verify that possible conclusion.

Please repeat the steps in Post #101 and let me know the results.

Fishhead · Friday at 10:20 PM

I will do as asked. But if this is an issue with Norton, wouldn't others (there must be some) be having a similar problem?

Oh My! · Friday at 10:50 PM

I would think so, however very few people are still using Windows 8.1. I am running out of other possible culprits.

Logging off for the evening.

Fishhead · Friday at 10:59 PM

http://www.trawl.org/Logfile.zip

Fishhead · Saturday at 1:23 AM

I wondered about whether additional hits would show up if I let Procmon run longer. So I ran it a second time. After about 30 some hits, I wondered what would happen if I took the blocking off pop ups in Norton. So I opened Norton up to allow pop ups. The number of hits jumped up. They be more of the same and not helpful.

http://www.trawl.org/Logfile2.zip

Oh My! · Saturday at 11:33 AM

Thank you.

I am still investgating the possible root cause of the issue.

Please do this.

===================================================

Farbar Recovery Scan Tool Fix

--------------------

Right click on the FRST64 icon and select Run as administrator

Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied

There is no need to paste the information anywhere, FRST64 will do it for you
Code:
Start::
ExportKey: HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot
End::
Click Fix

When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

Fixlog

Fishhead · Saturday at 11:56 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-03-2025
Ran by Peter (29-03-2025 08:54:40) Run:12
Running from C:\Users\Peter\Downloads
Loaded Profiles: Peter
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
ExportKey: HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot
End::
*****************

================== ExportKey: ===================

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot\Certificates]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot\CRLs]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot\CTLs]

=== End of ExportKey ===

==== End of Fixlog 08:54:40 ====

Oh My! · Saturday at 3:58 PM

Thank you.

Please download CertUpdater.exe and save it to your Desktop

Right click on the file and select Run as administrator

Follow the on-screen instructions to complete the root certificate installation

Let me know whether the root certificate installation was successful or not.

Fishhead · Saturday at 4:51 PM

I receive a message that says "Certificate is already installed". Attached.

Oh My! · Saturday at 7:59 PM

Still working on things.

Oh My! · Saturday at 9:01 PM

Thank you for your patience. This has been quite the challenge.

Please do this.

===================================================

Importing Digital Root Certificate Authorities

-------------------

Download the attached file and save it to your Desktop

Unzip the folder onto your Desktop

Hit the Windows Key + R at the same time

Type certmgr.msc then hit Enter

Click the arrow to the left of Trusted Root Certificate Authorities to expand the category

Right click on Certificates, select All Tasks, then Import

Click Next

Click Browse

Locate and double click on the Microsoft Azure ECC TLS Issuing Certificates folder on your Desktop

Left click on Microsoft Azure ECC TLS Issuing CA 03 then click Open

Click Next twice then Finish

Click Yes on the warning screen

Confirm the Import was successful then click OK

Repeat the steps to import Microsoft Azure ECC TLS Issuing CA 04, Microsoft Azure ECC TLS Issuing CA 07, and Microsoft Azure ECC TLS Issuing CA 08

Close the Certificate Manager screen

Reboot your computer and check for Norton pop ups

===================================================

Things I would like to see in your next reply.

Results?

Fishhead · Saturday at 9:27 PM

I followed the instructions, but following bullet 8 "Click Browse", I could not locate a "Microsoft Azure ECC TLS Issuing Certificates" folder.

What to do?

Oh My! · Saturday at 9:30 PM

Did you download the zip file onto the desktop?

Fishhead · Saturday at 9:57 PM

I downloaded to my download folder and moved to the descktop and unzipped. Attached are two views of the browse folder options.

I will delete all downloads and unzipped files, and download directly to the desktop and then unzip and try once again.

Fishhead · Saturday at 10:02 PM

Same result

Oh My! · Saturday at 11:01 PM

The screen shots do not show the contents on the Desktop but rather the Downloads folder. Do you have the zip file on the Desktop?

I am logging off for the evening.

Fishhead · Saturday at 11:47 PM

Apologies, I was not reading the instructions correctly. Once I navigated to the desktop I was able to compete the task

Once done. I rebooted and in about 10 minutes the notification popup appeared.

Oh My! · Sunday at 2:31 PM

Please do this.

===================================================

Deleting Digital Root Certificate Authorities

-------------------

Hit the Windows Key + R at the same time

Type certmgr.msc then hit Enter

Click the arrow to the left of Trusted Root Certificate Authorities to expand the category

Left click on Certificates

On the right side right click on Microsoft Azure ECC TLS Issuing CA 06 then click Delete (if you can't see the full name of the Certificate hover the mouse over the entry to reveal the full name)

Confirm the deletion

Confirm Certiticates 03, 04, 07, and 08 are present

Reboot your computer and check for Norton pop ups

===================================================

Things I would like to see in your next reply.

Results?

Fishhead · Sunday at 2:40 PM

Microsoft Azure ECC TLS Issuing CA 06 was not listed. Presnet were 03, 04, 07, and 08.

Oh My! · Sunday at 2:50 PM

Thank you.

Instead of uninstalling Norton again I am going to see if I can disable it using a registry script.

Please do this.

===================================================

Manually Importing an Attached Registry Key (.reg) File

-------------------

Download Norton.reg and save it to your desktop

Right click on the file and select Merge then confirm the action

Once you receive confirmation the information was successfully merged reboot your computer

===================================================

Farbar Recovery Scan Tool Fix

--------------------

Right click on the FRST64 icon and select Run as administrator

Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied

There is no need to paste the information anywhere, FRST64 will do it for you
Code:
Start::
ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
End::
Click Fix

When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

Registry Import successful?

Fixlog

Fishhead · Sunday at 3:08 PM

Following clicking Merge, I received the attached notice.

Fishhead · Sunday at 3:20 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 30-03-2025
Ran by Peter (30-03-2025 12:19:40) Run:13
Running from C:\Users\Peter\Downloads
Loaded Profiles: Peter
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
End::
*****************

================== ExportKey: ===================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32.exe]
"DisableExceptionChainValidation"="0"
"MitigationOptions"="0001000000000000"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32Info.exe]
"DisableExceptionChainValidation"="0"
"MitigationOptions"="0001000000000000"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clview.exe]
"MitigationOptions"="0001000000000000"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CMigrate.exe]
"DisableExceptionChainValidation"="0"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cnfnot32.exe]
"MitigationOptions"="0001000000000000"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cscript.exe]
"DisableExceptionChainValidation"="3"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllhost.exe]
"DisableExceptionChainValidation"="3"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions]
"mscoree.dll"="1"
"NAVOPTRF.dll"="1"
"jvm.dll"="1"
"mscorwks.dll"="1"
"javai.dll"="1"
"PMSTE.dll"="1"
"Vegas60k.dll"="1"
"Cleanup.dll"="1"
"symlcnet.dll"="1"
"main123w.dll"="1"
"DJSMAR00.dll"="1"
"divx.dll"="1"
"ppw32hlp.dll"="1"
"ASSTE.dll"="1"
"msjava.dll"="1"
"TFDTCTT8.dll"="1"
"mscorsvr.dll"="1"
"DRMINST.dll"="1"
"vb40032.dll"="1"
"NPMLIC.dll"="1"
"eMigrationmmc.dll"="1"
"mso.dll"="1"
"eProcedureMMC.dll"="1"
"eQueryMMC.dll"="1"
"vbe6.dll"="1"
"xlmlEN.dll"="1"
"msci_uno.dll"="1"
"divxdec.ax"="1"
"Apitrap.dll"="1"
"NSWSTE.dll"="1"
"udtapi.dll"="1"
"ISSTE.dll"="1"
"EncryptPatchVer.dll"="1"
"jvm_g.dll"="1"
"fullsoft.dll"="1"
"ums.dll"="1"
"AVSTE.dll"="1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drvinst.exe]
"DisableExceptionChainValidation"="3"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ehexthost32.exe]
"DisableExceptionChainValidation"="3"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excel.exe]
"MitigationOptions"="0001000000000000"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excelcnv.exe]
"MitigationOptions"="0001000000000000"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe]
"DisableExceptionChainValidation"="3"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ExtExport.exe]
"MitigationOptions"="0001000000000000"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FIRSTRUN.EXE]
"MitigationOptions"="0001000000000000"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashPlayerApp.exe]
"DisableExceptionChainValidation"="0"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\graph.exe]
"MitigationOptions"="0001000000000000"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ie4uinit.exe]
"MitigationOptions"="0001000000000000"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ieinstal.exe]
"MitigationOptions"="0001000000000000"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ielowutil.exe]
"MitigationOptions"="0001000000000000"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ieUnatt.exe]
"MitigationOptions"="0001000000000000"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]
"MitigationOptions"="0001000000000000"
"DisableExceptionChainValidation"="0"
"DisableUserModeCallbackFilter"="1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LICLUA.EXE]
"DisableExceptionChainValidation"="0"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe]
"DisableExceptionChainValidation"="3"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvw.exe]
"MitigationOptions"="0000000001000000"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msfeedssync.exe]
"MitigationOptions"="0001000000000000"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mshta.exe]
"MitigationOptions"="0001000000000000"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msohtmed.exe]
"MitigationOptions"="0001000000000000"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msosync.exe]
"MitigationOptions"="0001000000000000"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoxmled.exe]
"MitigationOptions"="0001000000000000"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msqry32.exe]
"MitigationOptions"="0001000000000000"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ngen.exe]
"MitigationOptions"="0000000001000000"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ngentask.exe]
"MitigationOptions"="0000000001000000"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NortonSvc.exe]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NortonUI.exe]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenote.exe]
"MitigationOptions"="0001000000000000"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenotem.exe]
"MitigationOptions"="0001000000000000"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\orgchart.exe]
"MitigationOptions"="0001000000000000"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OSPPREARM.EXE]
"DisableExceptionChainValidation"="0"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outlook.exe]
"MitigationOptions"="0001000000000000"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerpnt.exe]
"MitigationOptions"="0001000000000000"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PresentationHost.exe]
"MitigationOptions"="1111110000000000"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PrintIsolationHost.exe]
"MitigationOptions"="0000200000000000"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RdrCEF.exe]
"DisableExceptionChainValidation"="0"
"MitigationOptions"="0001000000000000"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RdrServicesUpdater.exe]
"DisableExceptionChainValidation"="0"
"MitigationOptions"="0001000000000000"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe]
"DisableExceptionChainValidation"="3"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runtimebroker.exe]
"MitigationOptions"="0000000001000000"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanost.exe]
"MitigationOptions"="0001000000000000"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanpst.exe]
"MitigationOptions"="0001000000000000"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotocolhost.exe]
"DisableExceptionChainValidation"="3"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\selfcert.exe]
"MitigationOptions"="0001000000000000"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setlang.exe]
"MitigationOptions"="0001000000000000"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\splwow64.exe]
"MitigationOptions"="0000200000000000"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe]
"MitigationOptions"="0000200000000000"
"DisableExceptionChainValidation"="3"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SystemSettings.exe]
"MitigationOptions"="0000000001000000"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VPNSvc.exe]
"Debugger"="svchost.exe"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe]
"MitigationOptions"="0001000000000000"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wordconv.exe]
"MitigationOptions"="0001000000000000"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscript.exe]
"DisableExceptionChainValidation"="3"

=== End of ExportKey ===

==== End of Fixlog 12:19:40 ====

Oh My! · Sunday at 3:21 PM

Please attempt it again after booting into Safe Mode.

Fishhead · Sunday at 3:43 PM

I went to safe mode but end up with a command prompt. I have no idea how to run the Merge from Command Prompt.

Fishhead · Sunday at 3:54 PM

OK, I got to Safe Mode by using the System Config method. Ran the Merge and received the same message as before.

Oh My! · Sunday at 4:33 PM

Dealing with Norton roadblock again.

Right click on the Norton icon on the Taskbar
Select Disable Auto-Protect and disable it until reboot
Select Disable Smart Firewall and disable it until reboot
Attempt to merge Norton.reg again

Fishhead · Sunday at 4:58 PM

Same message.

Oh My! · Sunday at 7:20 PM

I don't think Norton is going to cooperate short of an uninstall. Even that may be difficult to do, as it was previously.

I have not been able to conclusively identify what is triggering the pop up. I suspect Norton itself is the issue. My conclusion is based on our troubleshooting steps, modifications to Certificates and monitoring/reviewing the processes involved in the pop up. The closest I have come to finding evidence is a Norton web page regarding Resolve errors related to missing root certificates. The page was last updated 3-3-25. We attempted to apply the fix but you received a message the Certificate was already on your system.

Other than repeating our steps to run Process Monitor with Norton installed, remove Norton and run Process Monitor to see if the pop ups are gone, then reinstall Norton to see if they re-appear I am not sure what else we can do. Our testing will likely confirm what we already saw when we completed the steps before.

Let me know what you would like to do.

Fishhead · Sunday at 8:33 PM

It sounds like we may never know definitely what the cause truly is and even if the cause was fully known, making a correction may be just as difficult as learning the cause.

Perhaps the time has come to bite the bullet and upgrade. Some of my programs such as accounting and tax return preparation will not run on newer versions of Windows (I have looked into this) so I will need to keep this old computer in case there ever was an audit. So retiring while it is still function, even with a gimp, would be better.

I thank you for all of your help and effort.

Norton - Connectivity To This Website Is Not Secure

Oh My! Malware Expert Staff Member

Fishhead Private First Class

Oh My! Malware Expert Staff Member

Fishhead Private First Class

Oh My! Malware Expert Staff Member

Oh My! Malware Expert Staff Member

Fishhead Private First Class

Fishhead Private First Class

Oh My! Malware Expert Staff Member

Fishhead Private First Class

Attached Files:

Oh My! Malware Expert Staff Member

Fishhead Private First Class

Oh My! Malware Expert Staff Member

Fishhead Private First Class

Oh My! Malware Expert Staff Member

Fishhead Private First Class

Attached Files:

Oh My! Malware Expert Staff Member

Fishhead Private First Class

Fishhead Private First Class

Oh My! Malware Expert Staff Member

Fishhead Private First Class

Oh My! Malware Expert Staff Member

Fishhead Private First Class

Oh My! Malware Expert Staff Member

Fishhead Private First Class

Fishhead Private First Class

Oh My! Malware Expert Staff Member

Fishhead Private First Class

Oh My! Malware Expert Staff Member

Fishhead Private First Class

Attached Files:

Oh My! Malware Expert Staff Member

Oh My! Malware Expert Staff Member

Attached Files:

Fishhead Private First Class

Oh My! Malware Expert Staff Member

Fishhead Private First Class

Attached Files:

Fishhead Private First Class

Oh My! Malware Expert Staff Member

Fishhead Private First Class

Oh My! Malware Expert Staff Member

Fishhead Private First Class

Oh My! Malware Expert Staff Member

Fishhead Private First Class

Attached Files:

Fishhead Private First Class

Oh My! Malware Expert Staff Member

Fishhead Private First Class

Fishhead Private First Class

Oh My! Malware Expert Staff Member

Fishhead Private First Class

Oh My! Malware Expert Staff Member

Fishhead Private First Class

Members

Useful Searches