It is in my desktop now, every time I click a google search result, I got redirected to some unknown websites (the same thing happen with IE, Firefox and Chrome). I use AVG at home, did several whole computer scan, it couldn't find anything wrong. However, if I am connected to the internet, AVG warning will pop up once in awhile alerting some threat found in one of my local temp folders. But when I click the button to throw that into the vault, AVG would just tell me the threat cannot be located... if I am disconnected to the web, no alert would pop up. So, how does this work? Where is it hiding itself? I search on the web and was told to look at the HOSTS file, except that I couldn't even find the file in the directory it is supposed to be (C:\WINDOWS\system32\drivers\etc, I only see 4 files: lmhosts.sam, networks, protocol and services. I am running Vista). Did the virus manage to delete my hosts file? If so, what is the browser reading then? I also tried System Restore to restore to an earlier restore point, and after that I enjoyed normal google search for the first 5 minutes. Of course, I celebrate way too early, the virus/trojan is obviously smarter than me and greet me once again in all google search. Does this sound familiar? Any suggestion/insight would be much appreciated. I am not very smart in networking, and don't understand TCP-IP etc, so, a lot of what I found on the web is way too difficult for me to understand. Though I definitely would like to learn more of these if someone could explain it to an amateur.