should avast add record page and record page ads to virus list?

those pop-up ads and advertisements just annoying me
and I can’t remove it

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

[*]Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
[*]Select additions at the bottom
[*]Press Scan button.

https://dl.dropboxusercontent.com/u/73555776/frst.JPG

[*]It will produce a log called FRST.txt in the same directory the tool is run from.
[*]Please attach both logs generated.

https://www.sendspace.com/file/9kshea

Did you install the following programmes ?

360安全浏览器7
QQ International
QQ旋风4.7
BaiduYunGuanjia
Tencent

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S0].txt as well.

yes i do
but i install it for a long time
so i don’t think is there problem
and adwcleaner doesn’t work

http://i467.photobucket.com/albums/rr39/ranger352/20150711223423_zpsut6bmsu6.jpg

Download adwcleaner from here https://dl.dropboxusercontent.com/u/73555776/AdwCleaner.exe

I will now revisit your FRST log, and create a fix

I used your adwcleaner to scan again
but it show nothing

Which browser do the adverts show in ?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: HKLM-x32\...\RunOnce: [360safeuninst] => C:\Users\user\AppData\Local\Temp\remove360.bat [1782 2015-07-11] () <===== ATTENTION HKU\S-1-5-21-1328610593-2988302748-3692750778-1000\...\Run: [QQ2009] => E:\Tencent\QQ\Bin\QQ.exe [139960 2015-07-10] (Tencent) HKU\S-1-5-21-1328610593-2988302748-3692750778-1000\...\MountPoints2: {5b25d3fa-9028-11e2-ac3b-bc5ff4687250} - F:\autorun.exe HKU\S-1-5-21-1328610593-2988302748-3692750778-1000\...\MountPoints2: {62dd396a-8863-11e2-8180-bc5ff4687250} - H:\autorun.exe HKU\S-1-5-21-1328610593-2988302748-3692750778-1000\...\MountPoints2: {8d43027a-8e75-11e2-9fad-bc5ff4687250} - G:\Startme.exe HKU\S-1-5-21-1328610593-2988302748-3692750778-1000\...\MountPoints2: {8e87627f-8c47-11e2-852c-806e6f6e6963} - F:\autorun.exe HKU\S-1-5-21-1328610593-2988302748-3692750778-1000\...\MountPoints2: {9b5dfcc2-9118-11e3-b22e-bc5ff4687250} - I:\autorun.exe ShellIconOverlayIdentifiers-x32: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} => No File BHO: QQDownload IE Left Helper -> {00000000-12C9-4305-82F9-43058F20E8D2} -> E:\Tencent\QQDownload\QQIEHelper64.dll [2013-06-26] (Tencent Technology (Shenzhen) Company Limited) BHO-x32: No Name -> {00000000-12C9-4305-82F9-43058F20E8D2} -> No File BHO-x32: No Name -> {6A19C29D-ED45-4483-8999-9F939C8161F2} -> No File BHO-x32: No Name -> {889D2FEB-5411-4565-8998-1DD2C5261283} -> No File BHO-x32: QQMiniDL Helper Class -> {C9C7334B-5657-41e1-8F79-F6AACECA05F4} -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\QQIEHelper01.dll [2014-07-15] (Tencent Technology (Shenzhen) Company Limited) BHO-x32: AccountProtectBHO Class -> {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} -> C:\Users\user\AppData\Roaming\Tencent\QQ\QQAntiPhishing\AccountProtect.dll [2015-06-30] (Tencent) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKU\S-1-5-21-1328610593-2988302748-3692750778-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File FF Plugin-x32: @baidu.com/npxbdsetup -> C:\Windows\Downloaded Program Files\998503072\npxbdsetup.dll [2012-12-10] () FF Plugin-x32: @baidu.com/YunWebDetectPlugin -> e:\Roaming\baidu\BaiduYunGuanjia\npYunWebDetect.dll [2015-05-07] (Baidu.com, Inc.) FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npactivex.dll [2015-07-10] (Tencent) FF Plugin-x32: @qq.com/QQDownloadPlugin -> E:\Tencent\QQDownload\Browser\769\npXFPlugin.dll [2013-02-25] (Tencent Technology (Shenzhen) Company Limited) FF Plugin-x32: @qq.com/QQMiniDLPlugin -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\npXFMiniDLPlugin.dll [2014-04-25] (Tencent Technology (Shenzhen) Company Limited) FF Plugin-x32: @qq.com/QQPhotoDrawEx -> C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll No File FF Plugin-x32: @qq.com/QzoneMusic -> C:\Program Files (x86)\Tencent\QzoneMusic\npQzoneMusic.dll [2014-08-30] (Tencent) FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.3.30\Bin\npSSOAxCtrlForPTLogin.dll [2015-06-26] (Tencent) FF Plugin-x32: @tencent.com/npQQMailWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll [2013-04-25] (Tencent) FF Plugin-x32: @tencent.com/nptxftnWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll [2013-04-08] (Tencent Technology (Shenzhen) Company Limited) FF Plugin-x32: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll No File FF Plugin HKU\S-1-5-21-1328610593-2988302748-3692750778-1000: @xunlei.com/npxlgamebox -> D:\gay\XLGameBox\Program\npxlgamebox1.0.0.3.dll No File FF Plugin HKU\S-1-5-21-1328610593-2988302748-3692750778-1000: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll No File FF Plugin HKU\S-1-5-21-1328610593-2988302748-3692750778-1000: anvisoft.com/AdblockPlugin -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll No File FF Extension: NetVideoHunter - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\f5z0uz0x.default\Extensions\netvideohunter@netvideohunter.com [2015-06-13] S3 BaiduYunUtility; e:\Roaming\baidu\BaiduYunGuanjia\YunUtilityService.exe [90392 2015-05-07] () R2 QPCore; C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QQProtect.exe [96952 2015-06-30] (Tencent) R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [319568 2015-05-25] (360.cn) U3 acobvjox; No ImagePath R4 360netmon; system32\DRIVERS\360netmon.sys [X] R1 360reskit64; \??\C:\Windows\system32\drivers\360reskit64.sys [X] 2015-07-11 04:15 - 2015-07-11 04:15 - 00000000 ____D C:\ProgramData\360safe 2015-07-11 04:15 - 2015-07-11 04:15 - 00000000 ____D C:\ProgramData\360safe 2015-07-11 03:08 - 2015-05-25 18:41 - 00319568 _____ (360.cn) C:\Windows\system32\Drivers\360Box64.sys 2015-07-10 20:40 - 2015-07-10 20:40 - 00000000 ____D C:\Users\user\AppData\Local\Tencent 2015-07-10 20:40 - 2015-07-10 20:40 - 00000000 ____D C:\Program Files (x86)\Tencent 2015-07-10 20:38 - 2015-06-09 18:22 - 00064952 _____ (Tencent) C:\Windows\system32\Drivers\QQProtectX64.sys 2015-07-10 20:37 - 2015-07-10 23:27 - 00000000 ____D C:\ProgramData\Tencent 2015-07-11 03:29 - 2014-03-16 13:48 - 00000000 ____D C:\Program Files (x86)\360 2015-07-11 03:09 - 2013-12-25 01:53 - 00000000 ____D C:\Users\user\AppData\Roaming\360Login 2015-06-13 00:05 - 2014-11-14 08:27 - 00000000 __SHD C:\Users\user\AppData\Local\EmieBrowserModeList 2015-06-13 00:05 - 2014-04-26 00:28 - 00000000 __SHD C:\Users\user\AppData\Local\EmieUserList 2015-06-13 00:05 - 2014-04-26 00:28 - 00000000 __SHD C:\Users\user\AppData\Local\EmieSiteList 2015-06-23 00:56 - 2013-03-12 22:30 - 00000000 ____D C:\Users\user\AppData\Roaming\Youtube Downloader HD C:\Users\user\AppData\Local\Temp\remove360.bat Task: {EFF27C1B-F1EC-40CC-8207-237C4741EC3B} - System32\Tasks\{530DBFC7-1916-4153-9C46-F34D09261AF9} => C:\Users\user\Desktop\1\1.exe 2015-07-11 21:35 - 2014-09-04 07:43 - 00000456 _____ C:\Windows\Tasks\微软设备健康助手自动更新.job 2015-07-11 20:49 - 2015-02-19 13:13 - 00000462 _____ C:\Windows\Tasks\微软设备健康助手设备检查.job 2015-07-11 02:40 - 2014-11-20 20:52 - 00000440 _____ C:\Windows\Tasks\微软设备健康助手开机检测.job FF Plugin HKU\S-1-5-21-1328610593-2988302748-3692750778-1000: duowan.com/Checker -> C:\Program Files (x86)\Common Files\duowan\yy\YYSSO\1.0.0.3\npChecker.dll [2013-10-09] (广州多玩信息技术有限公司) C:\Program Files (x86)\Common Files\Tencent E:\365 E:\yy RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

chrome and firefox

https://www.sendspace.com/file/yl8xdi

Could you now run a fresh FRST scan for me please and if possible attach a screenshot of one of the ads

sorry for some reason I restore back to the restore point created by FRST
I afraid my qq will lost some important message
https://www.sendspace.com/file/w1d8qf

Are you still getting the ads ?

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

[*]When finished, it shall produce a log for you.
[*]Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

yes still getting ads
https://www.sendspace.com/file/0b5a6c

I believe they are coming from tencent

Could you screenshot one of the ads please and post it here

https://www.sendspace.com/file/vkshac
plz check R0

ads look like this
http://www.theadgateway.com/a/display.php?k=55a15bca4a6d9557991.314852&h=abb1c4b351043e1e892d67a3eacd8448d7d0b5e5&ban=557991&r=360854&iid=1436638154201197429023842023729021&ci=%3D%3DgSKdwBBQQDV4kVbJ1UVsxBHMQAP0QFORVWSJkRSVUUVshDO4gDO0QFONkXDllVCZUFM1QF1VxGKdQDV4kVbJ1UVsxBHMQAP0QFORVWSJkRSVUUVshDO4gDO0QFONkXDllVCZUFM1QF0VxGKdQDV4kVbJ1UVsxBBQQDV4EVZJlQGJVRRVxGG0QFONkXDllVCZUFM1QFtVBT&pm=VIlUFNUF&pabt=%3D%3DQFHcUF&pc=%3DAgDPEAAGAgDDIwDPIABHkxB&id=557991&ct_bust=0.9687293358147144&exp=su11

http://offer.alibaba.com/exclusive.html?alpsm=true&match=rule&prior=medium&ruleid=35&rank=solelp&tv=3&imp=2m19gjf19pv5s7cvcr4r&xp=u2Qt0m34x_TI1hkm3CQivqqh_tWRYXeiwQNapURu6rsIzE0lZGVrcxJ8MWPwbAkwmPi_LtyB_iRUMbOYwlVkTywxt5qccAirBxMQBFPntL4&pid=360854&td=1&aff_id=171573465&ct=1&size=000_000&an=50001&bm=cpa&tp1=20119742901436639173&src=saf
https://thedailytrader.net/uBinary/EN/IHAgentWhite/?offer_id=496&aff_id=2776&aff_sub=Z.P&aff_sub2=NTh8NzczfEhLfDN8MXxlY2hvLWpldS1DbFNSY2duTHxVa1ZHUlZKRlVnKmFIUjBjRG92THpNMk1EZzFOQzVoWkdOaGMyZ3VZMjl0fmEyVjVkMjl5WkEqfmMybDBaV2xrKlpXTm9ieTFxWlhVdFEyeFRVbU5uYmt3&aff_sub3=echo-jeu-ClSRcgnL&aff_sub4=&aff_sub5=uBinary_IHAgentWhite_EN&source=$$CUSTOM_PARAM(URL)$$&url_id=4806

http://rvfrm2006.com/aS/sa?cid=16525-4030517&pid=16525&q=%u96CD%u65CB%20<a%20href%3D'https%3A//www.facebook.com/socrec/videos/vb.160696287290644/1177015682&ap=cmp%3DPOPUNDER

http://i467.photobucket.com/albums/rr39/ranger352/20150712022204_zpseetl5tak.png

OK they are all from alibaba which is on your system, so uninstalling that should clear them

but I dont have alibaba?