Ok guys just giving you a heads up that wowhead is infected by a java based virus with multiple problems it can cause to your machine. Heres some pics i took of how fast it attacked my machine within 5-10 seconds before i reset my computer.
Hmmm idk it seems like a pretty small chance it came from wowhead. Trojans like that generally get downloaded when you go to google seaching for torrents and things and really there's no way to show exactly which site it came from or how long it's been on the computer before starting its attack.
If you boot in safe mode and use the registry editor to remove the keys that start it when you boot your computer you should be free to remove the fake svchost and other programs chillin in your temp folder and then do a full MalwareBytes scan and be good to go
I don't doubt it could have come when you had wowhead up, though its not wowhead itself.
Websites use 3rd party advertising agencies, those agencies don't always inspect the ads they put into their system... Gold seller puts a flash or java ad that uses buffer overrun or even just some scripting that starts it all. I use FlashBlock and NoScript in Chrome and in Firefox and I've never had an issue with these types of attacks. Though I've sure fixed quite a number of my clients machines with this issue, changing the default DNS to 127.0.0.1 or otherwise.
Also this type of attack isn't limited to the scope of gold selling account stealers, though the people are just as shady. Any websites that use 3rd party advertisers (like... all of them) can have this issue. Most companies don't acquire advertising themselves, hiring 3rd parties eliminates a department of people to pay.