I have a customer who can only get the Czech version of the Google website. Malwarebytes turned up no malware and Eset's online scanner found only a Java exploit. I have tried flushing DNS, resetting the TCP/IP stack and resetting Winsock. IPCONFIG shows that the DNS server is the local router. It is unlilkely that the router has been hacked because it is provided by Verizon and the default administrative password is the router's serial number.
The OS is Windows XP SP3.
It seems that only the Google website is affected and both IE8 and Firefox exhibit this behavior.
What can cause this redirection?