Well, the fix below did not work, but that was no fault of the software, which I will still use.
I tried a bunch of other stuff I saw on some tech support forums, but the common thread on these was ‘try this it may work’. None of them did any harm, but the problem was still happening.
Combofix is a utility I have not looked at till now, but had heard good things about it as a ‘last resort’ if nothing else works. Apparently it is considered an advanced tool. Figuring that I am an advanced technician, I gave it a go, firstly on a machine that was not that critical, and when that turned out to be completely without drama, on the infected machine. This utility’s main ‘feature’ is that it doesn’t seem to identify anything in particular, but looks at things in general, and produces copious log entries that may give an insight into what may be wrong. It does identify and remove general sorts of threats by deleting some obviously suspect files, but gives no indication as to why!
On the infected machine it identified and removed 3 files: a ‘windows live messenger .lnk’ file from my start menu, c:\windows\my.ini and c:\windows\system32\autorun.ini. The second one looks highly suspect, but the third wouldn’t have struck me as being suspect. I think it also does stuff with registry entries. Whatever it did, the machine still works OK, and the redirect via directrdr.com seems to have stopped, although it is still early days.
If this doesn’t work, I read somewhere about it being connected to the IE8 update process, and by implication (or by my inferring perhaps 🙂) the Firefox update process also. Maybe I’ll switch off the update processes and see if it stops it.
Update (two days later) – Yeah – fixed!