I still get an occasional spurious web site, apparently piggybacked and redirected on another IE web site request. “Hijackthis” crashed again and again when I attempted to submit logs to “Trendsecure” of “Trend Micro”. “Windows Update” was disabled and still is. I was then able to delete the folders and the associated files. I ran “Hijackthis”, identified the initiating registry entries and successfully removed them.
exe files under “Program Files” in folders of the same name. The two were, “Getpack27” and “Getmodule34” both. That stopped the blizzard of unsolicited web site openings almost completely. I used Zone Alarm to look for initiating programs that were suspicious. Soon after I was getting all kinds of unsolicited screens opening offering porn, gaming, obvious phishing sites, and finally the phony virus killer site again, and again, and again. The thing that cinched my notion that I had malware was the persistence of the screen. Been there, done that and I wasn’t buying. The first clue I had that I had malware present was a screen that opened telling me that I had some terrible bad stuff on my computer and offering a download that was just the right and spiffy thing to cure it. Apparently I said “Yes” to some permissions that I thought were connected to WOW.
I run Zone Alarm and had to respond to a lot of permissions for the WOW load up. I did a search, found what I thought was a likely site, opened it, did nothing but take a looksee, didn’t find anything I wanted, and backed out. In the process, I determined that I needed a utility that I run on a couple of other computers to find a WOW file that I couldn’t locate. I was busy trying to get hooked up to World of Warcraft. Specifically AVG free quarantined a file, path: C:\Windows\System32\awturPlx.dll, which it labeled a Trojan Horse.