news-11-today.com / localpages.com and other popups

Lately I have had 2 computers infected with something that will randomly give me popups to news-11-today.com, easyshoplocal.com, localpages.com, and lots more. Also if I do a google search, and click on a link, it won’t send me to that page, but other random pages.

Avast hasn’t caught anything yet. Can you help me make this thing go away?

check your computer for malware with

Malwarebytes Anti-Malware 1.46 http://filehippo.com/download_malwarebytes_anti_malware/
after install click update so you have latest database before scan
run quick scan and click on the remove selected button to quarantine anything found
you may post the scan log here

Also try

Hitman Pro 3 - Second Opinion Malware Scanner http://www.surfright.nl/en/hitmanpro 30day free removal from register day

Report 2010-06-25 20:22:58 (GMT 1)
Website news-11-today.com
Domain Hash c38355cae74da1130c96b5794612ffb3
IP Address 174.143.45.135 [SCAN]
IP Hostname -
IP Country US (United States)
AS Number 33070
AS Name RMH-14 - Rackspace Hosting
Detections 2 / 19 (11 %)
Status SUSPICIOUS

Scanning site with: AMaDa CLEAN
Scanning site with: BrowserDefender CLEAN
Scanning site with: Finjan CLEAN
Scanning site with: Google Diagnostic CLEAN
Scanning site with: hpHosts CLEAN
Scanning site with: Malware Patrol CLEAN
Scanning site with: MalwareDomainList CLEAN
Scanning site with: McAfee SiteAdvisor CLEAN
Scanning site with: McAfee TrustedSource CLEAN
Scanning site with: MyWOT DETECTED
Scanning site with: Norton SafeWeb CLEAN
Scanning site with: ParetoLogic URL Clearing House CLEAN
Scanning site with: PhishTank CLEAN
Scanning site with: SURBL CLEAN
Scanning site with: Threat Log CLEAN
Scanning site with: TrendMicro Web Reputation CLEAN
Scanning site with: URIBL CLEAN
Scanning site with: Web Security Guard DETECTED
Scanning site with: ZeuS Tracker CLEAN

Report 2010-06-25 20:27:09 (GMT 1)
Website localpages.com
Domain Hash 6a632bab368bc7d3472c77724798438c
IP Address 64.74.172.200 [SCAN]
IP Hostname localpages.com
IP Country US (United States)
AS Number 10912
AS Name INTERNAP-BLK - Internap Network Services Corp…
Detections 3 / 19 (16 %)
Status DANGEROUS

Scanning site with: AMaDa CLEAN
Scanning site with: BrowserDefender CLEAN
Scanning site with: Finjan CLEAN
Scanning site with: Google Diagnostic CLEAN
Scanning site with: hpHosts DETECTED
Scanning site with: Malware Patrol CLEAN
Scanning site with: MalwareDomainList CLEAN
Scanning site with: McAfee SiteAdvisor CLEAN
Scanning site with: McAfee TrustedSource CLEAN
Scanning site with: MyWOT DETECTED
Scanning site with: Norton SafeWeb CLEAN
Scanning site with: ParetoLogic URL Clearing House CLEAN
Scanning site with: PhishTank CLEAN
Scanning site with: SURBL CLEAN
Scanning site with: Threat Log CLEAN
Scanning site with: TrendMicro Web Reputation CLEAN
Scanning site with: URIBL CLEAN
Scanning site with: Web Security Guard DETECTED
Scanning site with: ZeuS Tracker CLEAN

Essexboy is the guy you have to look for : http://forum.avast.com/index.php?action=profile;u=11091

I have sent him a PM. He will post shortly. He is a trained malware cleaner.

nmb

As this is happening on two computers are they connecting via a router ? If so the router might be infected. I will do one system at a time, would it be possible to keep the other disconnected from the net ?

http://www.geekstogo.com/misc/guide_icons/gmer.png
GMER Rootkit Scanner - Download - Homepage
[] Download GMER
[
] Extract the contents of the zipped file to desktop.
[*] Double click GMER.exe.

http://img.photobucket.com/albums/v666/sUBs/gmer_zip.gif

[*] If it gives you a warning about rootkit activity and asks if you want to run a full scan…click on NO, then use the following settings for a more complete scan…
[*] In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED
[] IAT/EAT
[
] Drives/Partition other than Systemdrive (typically C:)
[*] Show All (don’t miss this one)

http://www.geekstogo.com/misc/guide_icons/GMER_thumb.jpg

Click the image to enlarge it

[*] Then click the Scan button & wait for it to finish.
[*] Once done click on the [Save…] button, and in the File name area, type in “ark.txt”
[*]Save the log where you can easily find it, such as your desktop.
CautionRootkit scans often produce false positives. Do NOT take any action on any “<— ROOKIT” entries
Please copy and paste the report into your Post.

THEN

Download OTL to your Desktop

[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
[*]Select Scan all users
[*]Under the Custom Scan box paste this in


netsvcs
drivers32 /all
%SYSTEMDRIVE%*.*
%systemroot%\system32\Spool\prtprocs\w32x86*.dll
%systemroot%*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32*.dll /lockedfiles
%systemroot%\Tasks*.job /lockedfiles
%systemroot%\System32\config*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

[*]Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Attach all logs