See: https://www.virustotal.com/en/url/68182bb4dd8b334ee37b5003b26153d41f7e6dc5a14286c17b3f727830624909/analysis/1426973582/
Suspicious files: /mnt/pages/register?retpath=http%3a%2f%2fqip.ru%2f&utm_source=mainqip&utm_medium=referral&utm_term=title&utm_campaign=main_new_register
Severity: Suspicious
Reason: Detected reference to blacklisted domain
Details: Detected reference to suspicious blacklisted domain -quote.rbc.ru

-/i/gameblock
Severity: Suspicious
Reason: Detected reference to blacklisted domain

/javascript%3A
Severity: Suspicious
Reason: Detected reference to blacklisted domain
Details: Detected reference to suspicious blacklisted domain -quote.rbc.ru

Potentially suspcious: Detected potentially suspicious initialization of function pointer to JavaScript method document.write __tmpvar678006046 = document.write;

[[<script type='text/javascript' language='javascript' >  if (window!=window.top) { document.write('<div style="display:none">'); dwrite = document.write; document.write = function() {  }  }    </script>]]

Adware tracked:
htxp://r.qip.ru/iframe?name=Hosting_subfooter&jscookie=0 htxp r.qip.ru /iframe ad name=Hosting_subfooter&jscookie=0 364 577 2015-03-21 22:50:53 (.dt07.net|.dt00.net|jsc.mgid.com) htxp://jsn.dt00.net/p/a/papa.pochta.ru.12654.js?t= MarketGid
htxp://r.qip.ru/iframe?name=Hosting_subfooter&jscookie=0 htxp r.qip.ru /iframe ad name=Hosting_subfooter&jscookie=0 364 577 2015-03-21 22:50:53 (.dt07.net|.dt00.net) htxp://jsn.dt00.net/p/a/papa.pochta.ru.12654.js?t= MarketGid
htxp://r.qip.ru/rb?name=hosting_300x250&jscookie=0 htxp r.qip.ru /rb n/a name=hosting_300x250&jscookie=0 2015-03-21 22:50:53

Haven’t we been there before? Re: https://forum.avast.com/index.php?topic=163920.0
→ http://deletemalware.blogspot.nl/2010/08/how-to-remove-adyieldmanagercom.html
-marketgid.com.domproof.com/ is being blocked by the DrWeb extension in Google Chrome - adware, spam, phishing.

polonus