I'm a diligent HijackThis and CWShredder user and on a weekly basis I run this 2 programs. A family member recently installed a program that also installed a BHO - hotsearch. I ran CWShredder which found and exterminated this BHO. However, I've been left with something that causes my initial page load to take quite a long time - ~30 secs, after which I can surf with no hassle. However, should I need to open up another browser window or click on a link that opens another browser window, it proceeds to take ~30 secs to load. I then decided to run Trend Micro's Housecall which found TROJ_PITUX.A in a file "c:\q230903.exe" which I un-ceremoniously had deleted. A quick search on the net also led me to find "\Windows\system32\dk1.exe" which I also deleted - and with prejudice I might add! I also disabled System Restore so that files in my Restore folder could be wiped out. After all this and I still cannot determine what is causing me sorrow! I'm posting this incase someone else has seen this type of behaviour recently and might shed some light on what else to check on. I did not see the need to post the HijackThis log as I'm conversant with what each entry in the output log does. However, one of those executables could be compromised by something that the Housecall cleaner is currently unaware of! The PC in question only serves as a router (it's a laptop that has a wired nic to the dsl modem and a wireless nic that communicates with a linksys wireless router - wrt54g - which services 3 other PC's) but I occassionally use it when need be. I might just switch over to Linux on it but I'd prefer not to as no one else in the household knows much about it. Thanks for your kind eyes and ears.