Big Glitch - Windows Installer Opens on boot etc
zoroaster
07-25-2004, 05:57 PM
I'm having a problem with my Dell Inspiron 8200 running XP Professional.
A few days ago most of the major MS Office applications stopped working, and my Norton SystemWorks 2004 became inaccessible (including AntiVirus). What happens when I try to access a MS Office App, or any of the Norton apps is that a windows installer starts to run, but never completes. Also I can't run any of the Norton diagnostics even directly from the .exe files. When I try to do a live update, it says no products are there even though they show in the program files subdirectory.
I can access MS Outlook Express, and receive mail, but all messages are blank. I can access IE, but can't open anything in a new (second) window.
I've looked through all the recent Virus threats on the Symantec website, and checked my registry for the entries they reference...nothing! Everything looks clean, but....
??????????
HELP
PrntRhd
07-25-2004, 07:27 PM
Try accessing HouseCall from TrendMicro (free virus scan).
Did you have all the MS patches up to date?
Do you have any anti-spyware applications on it, Spybot/Adaware?
First off--Welcome to The PC Guide, many happy returns...
I'd be interested to know what you were doing just before this problem started. Download anything new and exciting? Been playing with Kazaa by any chance? Whacky game sites? Did you just install the Norton NSW, and then this problem started?
Are you running a firewall, and if so did you check the log to see if anything has been attacking you, and perhaps got through?
I would humbly suggest right off:
1. Check to see that you are updated with everything: Windows, IE, Outlook (settings affect IE), AV. If you are running Spybot and Adaware are they updated? If not, download, UPDATE them and run them in Safe Mode. If you are not updated, uninstall NSW 2004 and then do your updates. Don't disable NSW--uninstall it.
2. In safe mode-- run your AV, and the scans that PrntRhd suggested.
3. NSW has some great utilities, but Clean Sweep especially has in the past been notorious for getting in the way of downloads. I don't keep my utilities installed. I install them when I want to use them, and uninstall them.
4. When downloading try it this way:
After you get the download, after download, AS SOON AS YOU SEE THE INSTALL SHIELD, BEFORE YOU CLICK THE INSTALL ICON, #1. log off the net, #2. disable AV (right click tray icon), #3. then ctrl-alt-delete to close AV in close-program, THEN (and only then) #4. click on the install procedure. Otherwise your AV might read the install as an invader and mess with it. Then manually shut down for two full minutes.
I am under the impression that this is an office PC? If so and you are on a network, is there a firewall on the router AND on your PC? On the router alone is not good enough. Many of us use the Sygate free edition. If I had XP I would disable the XP Firewall and use Sygate instead:
http://smb.sygate.com/products/spf_standard.htm
Here are some diagnostic tools you can use to check your browser integrity either now or after you get set up clean again:
Jason’s Browser Security Test:
http://www.jasons-toolbox.com/BrowserSecurity/
Gibson tests:
http://www.grc.com/default.htm
I use LeakTest, DCOMbobulator, ShieldsUp, and UnplugNpray
Now, if you are at work there may be an issue with you downloading programs to your PC-- that's up to you to determine.
zoroaster
07-26-2004, 10:04 AM
It's a home PC, not net connected.
Norton AntiVirus defs & Windows Updates were up to date.
Running ZoneAlarm, AdAware and Spybot current versions.
No dicey downloads or strange sites visited prior to problem, and
SystemWorks had been in for six weeks prior.
Can't run NAV in safe mode...same prob.
Will try some of your suggestions, but if you hear anything specific, let me know.
Dave
If it were me, barring any sure fire fix from one of the moderators, I would immediately uninstall NSW--completely, download, update and install AVG for net-surfing protection at least temporarily.
Now go to safe mode and try to run the AVG and Spybot and Adaware.
If you get a clean run in Safe Mode it is generally accepted that you are bug-free. If you get a clean run, then possibly you have some corrupted files somewhere. After that I would think about repairing or reinstalling IE or MS Office. But since you got some results using Adaware I would follow up on that first...dump NSW and see if you can run AVG and etc. in Safe Mode. There is malware that shuts down AV along with other disruptions.
One thing I forgot to mention last night--when was the last time you did a good general clean-up: empty TIF, cookies, %TEMP%--I'd do that right off also. When did you last run Disk Clean-up, Scan Disk, Defragmenter ?
Edit: I don't run or really care for Zone Alarm. I had it for a while and it caused some problems. Check the log and see if it is logging blocking the MS office apps or NAV. If I recall properly I have seen a few reports of ZA getting tangled up with NAV or NSW.
david eaton
07-26-2004, 02:32 PM
The "turning off" of your Anti-virus, and the MS Office problems could also be symptoms of one of the nastier varieties of Coolweb infestation.
After following all the steps given above, if your problem persists, please download
Hijack this (http://mjc1.com/mirror/hjt/), and post your log here for checking.
zoroaster
07-26-2004, 03:14 PM
I ran the virus test from Trend Micro, and it showed nothing.
Ran the Ad Aware and Spybot and fixed the issues, but no change.
Will download the Hijack and post...
Thanks
zoroaster
07-26-2004, 03:23 PM
Here's the Hijack This log:
Logfile of HijackThis v1.97.7
Scan saved at 1:21:45 PM, on 7/26/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\wfxsnt40.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Daves\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DadApp] C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKCU\..\Run: [SurfSecret] C:\Program Files\SurfSecret\SS2-FULL.exe /min
O4 - HKLM\..\RunOnce: [SSCTL] C:\Program Files\SurfSecret\IC.exe
O4 - Startup: Norton Disk Doctor.LNK = C:\Program Files\Norton Utilities\NDD32.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: =>&Français - http:\\wordreference.com\fr\j\iefr119.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/28a592a7c042dccefe20/netzip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DE24350-585D-489F-8B0F-08780BA008EB}: NameServer = 207.217.126.81 207.217.77.82
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DE24350-585D-489F-8B0F-08780BA008EB}: NameServer = 207.217.126.81 207.217.77.82
O17 - HKLM\System\CS2\Services\Tcpip\..\{1DE24350-585D-489F-8B0F-08780BA008EB}: NameServer = 207.217.126.81 207.217.77.82
Steve
07-26-2004, 04:45 PM
Hi zoroaster,
David gave you an old link for HJT so you are running the old version. You can get the new version HERE (http://www.downloads.subratam.org/hijackthis.zip). Plus your OS and IE are completely out of date. You should run Windows Updates and install Service Pack 1 and ALL of the critical updates.
With that being said, these are the only things I see that you should fix with HJT (other folks might see more):
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/28a592a7c042dc...ip/RdxIE601.cab
and I doubt that is causing your problem.
These entries are left over from when Earthlink was your ISP. You said earlier that the computer is not connected to the internet. If you are going to keep it that way or will be using a new ISP, you can have HJT fix these entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/mo...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/mo...ton/search.html
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DE24350-585D-489F-8B0F-08780BA008EB}: NameServer = 207.217.126.81 207.217.77.82
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DE24350-585D-489F-8B0F-08780BA008EB}: NameServer = 207.217.126.81 207.217.77.82
O17 - HKLM\System\CS2\Services\Tcpip\..\{1DE24350-585D-489F-8B0F-08780BA008EB}: NameServer = 207.217.126.81 207.217.77.82
If you download the updated version of HJT it might give us some more info.
zoroaster
07-26-2004, 05:00 PM
I have downloaded all critical updates except the sp1 as I have a problem with serial number that I have not been able to resolve as of yet.
When I said not connected to net, I meant office-type network. I continue to use earthlink as my internet connection.
I fixed the two recommended items, and will download and rerun the later version of Hijack This, and post results.
Thanks very much.
zoroaster
07-26-2004, 05:06 PM
I downloaded Hijack This from the link directed, and here is the log:
Thanks for any help you can be.
Logfile of HijackThis v1.98.0
Scan saved at 3:02:25 PM, on 7/26/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\wfxsnt40.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Documents and Settings\Daves\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie/button/search.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DadApp] C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\RunOnce: [SSCTL] C:\Program Files\SurfSecret\IC.exe
O4 - HKCU\..\Run: [SurfSecret] C:\Program Files\SurfSecret\SS2-FULL.exe /min
O4 - Startup: Norton Disk Doctor.LNK = C:\Program Files\Norton Utilities\NDD32.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: =>&Français - http:\\wordreference.com\fr\j\iefr119.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DE24350-585D-489F-8B0F-08780BA008EB}: NameServer = 207.217.126.81 207.217.77.82
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DE24350-585D-489F-8B0F-08780BA008EB}: NameServer = 207.217.126.81 207.217.77.82
O17 - HKLM\System\CS2\Services\Tcpip\..\{1DE24350-585D-489F-8B0F-08780BA008EB}: NameServer = 207.217.126.81 207.217.77.82
zoroaster
07-26-2004, 05:23 PM
Just took out the two lines recommended by Steve and rebooted with no luck.
I'll add two small pieces of info that I hope will help.
When booting up, and everything has loaded, windows installer loads, and I get the message "This MSI must be loaded through setup". I have to "end task" both several times via Windows Task Manager before I can go any further.
When I load Internet Explorer, I get the message "Sorry, there was a library not registered" message, but then it goes to myyahoo start page, and I can perform most functions with IE. Only one I can't is to open a second IE window.
??
Thanks
Steve
07-26-2004, 05:26 PM
I don't see anything that would be causing your problem. I'd like to direct your attention to This (http://forums.spywareinfo.com/index.php?showtopic=10856) post over at SpywareInfo, though.
Donn made that suggestion earlier. It might be worth a try. If you do, I'd suggest just doing MS Office first. I've had bad luck trying to uninstall NSW and don't really recommend it unless you have all of your data backed up and can deal with an OS reinstall if necessary. But at this point, I would hope you have everything backed up already. ;)
zoroaster
07-26-2004, 05:36 PM
I'll go check out the link, and thanks.
SystemWorks gave me no problems for many weeks prior to this, but I suppose it could have just gotten tired of functioning correctly.
I would have everything backed up at this point, but I can't find a way to backup to my CD, as part of the problem involves my Roxio 5 (doesn't function).
Any suggestions?
Steve
07-26-2004, 05:42 PM
XP has a write to CD function built in. Is that working?
Variable
07-26-2004, 05:44 PM
Did this machine once reside on a network? It sounds to me like some type of permissions issue. Are you running bugoff.exe?
zoroaster
07-26-2004, 05:51 PM
It resides on a wireless network at home. The wireless card is not in place as I'm using dial-up here.
What is bugoff.exe?
zoroaster
07-26-2004, 06:03 PM
Backing up now using the XP CD Copy...well duh I say--why didn't I know that?
Hope I don't have to do the big reinstall...still hoping for salvation.
Steve: does this:
C:\Documents and Settings\Daves\Desktop\HijackThis.exe
indicate that his HJT is installed on the desk top? if so, won't his backups be all over the desk top?
Edit: While I think of it--I always had a repair function along the NSW uninstall path in mine (NSW 2002)...Zoroaster: If you are going to keep NSW installed, think about running that little repair function in the uninstall pathway, just to be sure it hasn't been corrupted. Also, think about adding Spybot and Adaware to your protection line-up. Update and run them no longer than every three days.
And as far as uninstalling NSW--I never had a problem, and I did it several times, but, I have a Win Me on a Compaq. It might be different with Win Xp... something for you to consider there.
Steve
07-27-2004, 12:33 PM
Steve: does this:
C:\Documents and Settings\Daves\Desktop\HijackThis.exe
indicate that his HJT is installed on the desk top? if so, won't his backups be all over the desk top?
Yes. That shows that HJT is on the desktop. And no, the backups will not be all over the desktop. One of the improvements Merijn made in version 1.98 is a feature where HJT creates a folder for the backups. When you run HJT from the desktop and fix some entries, HJT creates a nice little folder called "backups" right there on the desktop where they can be easily found if need be.
Sometimes browsers and download managers use the desktop as the download location, by default. My Firefox install does this for example. As Pete pointed out in a different thread recently, there are a lot of people who don't know how to create a new folder in their root drive and move the .exe file there. And why should they? It's just one more hassle. With the HJT icon and a little folder icon named backups right next to it, it is very easy to find and use the program.
david eaton
07-27-2004, 01:50 PM
This entry is "interesting"!
O4 - HKLM\..\RunOnce: [SSCTL] C:\Program Files\SurfSecret\IC.exe
And, even more curiously, it has appeared in two logs. Hmm.........
Is surf secret working on this computer?
If so, try fixing that entry using Hijack this, and see if the problem is resolved.
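The check made by eye in the post above (a RunOnce entry present in two consecutive scans) can be done mechanically. This is an added example, not part of the original thread or of HijackThis: a small Python comparison of two HijackThis logs, using lines excerpted from the two logs posted earlier; the function names are illustrative. Windows normally deletes a RunOnce value when it runs, so one that survives into the next scan is being re-created by something.

```python
import re

# A HijackThis entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [x] path".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Lines excerpted from the two logs posted in this thread (v1.97.7, then v1.98.0).
SCAN_1 = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O4 - HKLM\..\Run: [DadApp] C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
O4 - HKCU\..\Run: [SurfSecret] C:\Program Files\SurfSecret\SS2-FULL.exe /min
O4 - HKLM\..\RunOnce: [SSCTL] C:\Program Files\SurfSecret\IC.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/28a592a7c042dccefe20/netzip/RdxIE601.cab
"""

SCAN_2 = r"""Logfile of HijackThis v1.98.0
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [DadApp] C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
O4 - HKLM\..\RunOnce: [SSCTL] C:\Program Files\SurfSecret\IC.exe
O4 - HKCU\..\Run: [SurfSecret] C:\Program Files\SurfSecret\SS2-FULL.exe /min
"""


def parse_entries(log_text):
    """Return the set of (section, body) entries in a HijackThis log.

    Header lines and the running-process list do not match ENTRY_RE
    (a process path starts with "C:", not a section code) and are skipped.
    """
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries


def diff_scans(before, after):
    """Entries that disappeared or appeared between two scans.

    Comparison is on exact text, so an entry that a newer HijackThis
    version prints differently shows up as one removal plus one addition.
    """
    a, b = parse_entries(before), parse_entries(after)
    return {"removed": sorted(a - b), "added": sorted(b - a)}


def persistent_runonce(before, after):
    """O4 RunOnce autoruns present in both scans."""
    common = parse_entries(before) & parse_entries(after)
    return sorted(body for section, body in common
                  if section == "O4" and r"\RunOnce:" in body)


if __name__ == "__main__":
    changes = diff_scans(SCAN_1, SCAN_2)
    for section, body in changes["removed"]:
        print("fixed since first scan:", section, "-", body)
    for body in persistent_runonce(SCAN_1, SCAN_2):
        print("RunOnce entry survived both scans:", body)
```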
Paleo Pete
07-28-2004, 12:40 AM
That's Surf Secret. Apparently an OK file, it's a program designed to clean up your tracks after surfing the web, according to Windows Start Up (http://www.windowsstartup.com/wso/browse.php?l=19&start=350&end=375)
If that link doesn't work right, go to the "S" category, page 15.
The file under that entry, SS2-full.exe is also part of Surf Secret.