IE8 being redirected

[BobL]

When I do a Google or Bing search – the result page looks fine (seems normal) – but any link I click on from that result page gets redirected to local.com with another set of links.
What is causing this? Did I pick up something?
How can I stop this behavior?
System:
XP
IE8

[JoeP]

Run a scan with your favorites anti-malware tools.

Joe

[BobL]

Thanks Joe, did that yesterday before posting here.
Turned off System Restore, scanned w/Symantec Antivirus - did find Backdoor.Tidserv that was deleted according to Symantec.
IE8 experienced the same behavior after.
This morning on a cold reboot I re-ran the scan before opening IE8, found nothing. On opening IE8 first search produced a good Google page, and first link followed from that page brought me to informationgetter.com - another re-direct.
Did check on Add-On Manager and found nothing but Microsoft, Adobee, and Sun Micro systems in there.
Still my head...

[HansV]

Try the free version of MalwareBytes Anti-Malware.

[BobL]

Sorry Hans, I'm on a business machine and cannot install any apps. <sigh>.
Just an anoyance at this point - but if need be I'll get our IT dept to check it out. I can't see anything more than I've already done though..

[JoeP]

Can you try the online version of Autoruns for Windows?

Simply enter a tool's Sysinternals Live path into Windows Explorer or a command prompt as http://live.sysinternals.com/" onclick="window.open(this.href);return false;<toolname> or \\live.sysinternals.com\tools\<toolname>.

Joe

[BobL]

Yes I can Joe, at least our browser allows me to get there.
What should I be looking for under Autoruns?

[BobL]

Here is what I have from Internet Explorer tab:

autoruns7-13.png

[JoeP]

What is under the Logon tab?

Joe

[BobL]

autoruns7-13a.png

[BobL]

Not sure if this will help or not, but I managed to grab a screen shot of the url between the click on Google and the final crap landing page. Might lead to something??

RedirectLink.png

Anyone recognize this?

Added: just noticed something else under my history - what is this:
default.pk
It was listed under my browsing history and seems to lead to the above link.
Could my IE8 config file(s) have been altered?

[HansV]

Since you're not allowed to install security applications yourself, I'd ask the IT helpdesk to solve the problem for you - they should be able to deploy the tools necessary to find and remove the culprit.

[BobL]

Makes sense Hans, thanks. I'll do that.

[BobL]

Problem solved - although not easily.
My IT Dept did it in two sessions:
1. After loading Malwarebytes (thanks Hans) Deleted IE8 - rebooted - re-installed IE8. Re-assigned search provider.
Did not work
2. Malwarebytes discovered :Rootkit:DDSS: on it's 3rd pass. Went to safe mode. Removed IE8. Removed countless directories and individual weird files as in "exe.exe", "uns.exe" crap like that. Lots of regedit deletions. This thing was all over the place.
So far, this has worked Re-installed IE8.
It was impressive to see someone that knew what he was doing at work - glad to know that the ole DOS commands are still in play today
Anyway, clean system again - nice to have.
Morale of the story - play safe with pop-ups - disable them unless you know the site personally. This came my way (I suspect) from a national news web site, one of those with countless ads in place and lots of mouse-overs. I'm a looking for a new News site <grin>.
Later.

[HansV]

I'm glad it's solved - you really needed the IT guy for this.

[JoeP]

It is distressingly easy to corrupt your system even if you are relatively vigilant. Glad you got it resolved though.

Joe

[BobL]

It is distressingly easy to corrupt your system even if you are relatively vigilant.

You've got that right Joe, I've always considered myself a 'Safe Surfer' - analyzing links before selecting and all that stuff (been computing since early '70s) but this one really got me - still don't know where or how but I have some suspicions...
Now, I'd much rather sit back with a and let the odd sites go by