I've been hijacked by something!

I'm a diligent HijackThis and CWShredder user and on a weekly basis I run this 2 programs. A family member recently installed a program that also installed a BHO - hotsearch. I ran CWShredder which found and exterminated this BHO. However, I've been left with something that causes my initial page load to take quite a long time - ~30 secs, after which I can surf with no hassle. However, should I need to open up another browser window or click on a link that opens another browser window, it proceeds to take ~30 secs to load.

I then decided to run Trend Micro's Housecall which found TROJ_PITUX.A in a file "c:\q230903.exe" which I un-ceremoniously had deleted. A quick search on the net also led me to find "\Windows\system32\dk1.exe" which I also deleted - and with prejudice I might add! I also disabled System Restore so that files in my Restore folder could be wiped out.

After all this and I still cannot determine what is causing me sorrow! I'm posting this incase someone else has seen this type of behaviour recently and might shed some light on what else to check on.

I did not see the need to post the HijackThis log as I'm conversant with what each entry in the output log does. However, one of those executables could be compromised by something that the Housecall cleaner is currently unaware of!

The PC in question only serves as a router (it's a laptop that has a wired nic to the dsl modem and a wireless nic that communicates with a linksys wireless router - wrt54g - which services 3 other PC's) but I occassionally use it when need be. I might just switch over to Linux on it but I'd prefer not to as no one else in the household knows much about it.

Thanks for your kind eyes and ears.

 

dvk01,

Thanks for your response. Just after posting this question, I remembered another tool I hadn't used yet - regmon. I ran this tool a few minutes ago and caught the registry entry that was causing me worries.

Apparently, AIM was being launched off of a network share. This program has never been the cause of issues as I have used it on numerous occassions on the laptop. What happened this time around was that the network share in question was not available as the computer user (one of my kids) is on vacation and had turned his PC off - it is rarely ever turned off!

My only question is why is AIM launching when IE is launching? That is rather odd if you ask me! In any case, the problem has been fixed by removal of this registry entry - I really don't care for AIM anymore. It'll be saying bye bye to my world tomorrow.

I'm off to bed as it is way past my bed time in the land down under.

Later.