Thank you and I will break this into a few posts, if needed.
Please do not enclose posts in Quote or Code just for easier reading - Thanks.
Trojan.Poweliks has not been found on the system (thank you, as this is a 2nd check)
Both HDDs read OK ...........
HITACHI HTS727550A9E364 HDD (Main HDD)
Temperature: 35 °C
HGST HTS725050A7E635 OP (Second HDD)
Product Family: Unknown ??
2 other site links to show dllhost.exe *32 processes running
Symantec and Poweliks << Window Task Manager reveal many copies of the dllhost.exe *32 processes running. This can also be related to a past episode of Powliks .......... (several sources if requested)
Multiple "dllhost.exe *32" and now "Poweliks << Just another example of why I asked for the second Poweliks scan
NOTE : dllhost.exe is the genuine file of Microsoft Windows operating system. Check if the dllhost.exe is running from C:\Windows\system32 directory.
You can use to use Process Hacker instead of TaskManager, as it would give you more insight of the processes and the dll files running on the system.Process Hacker:>> http://processhacker.sourceforge.net/
If dllhost.exe is located in a subfolder of "C:\Documents and Settings", the security rating is 66% dangerous. The file size is 417,792 bytes (67% of all occurrences), 393,216 bytes and 5 more variants. There is no information about the author of the file. It is not a Windows core file. The program starts upon Windows startup (see Registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). The program has no visible window. Dllhost.exe is able to monitor applications and manipulate other programs.
If dllhost.exe is located in a subfolder of C:\Windows, the security rating is 18% dangerous (generallyOK). The file size is 7,168 bytes (76% of all occurrences), 58,325 bytes. The program is not visible. It is a trustworthy file from Microsoft. Dllhost.exe is able to hide itself and monitor applications.
If dllhost.exe is located in the folder C:\Windows, the security rating is 75% dangerous. The file size is 762,368 bytes (38% of all occurrences), 956,928 bytes and 7 more variants.
If dllhost.exe is located in a subfolder of C:\Windows\System32, the security rating is 81% dangerous. The file size is 10,240 bytes (63% of all occurrences), 114,688 bytes, 370,688 bytes or 13,312 bytes.
If dllhost.exe is located in a subfolder of "C:\Program Files", the security rating is 48% dangerous. The file size is 393,216 bytes (20% of all occurrences), 624,128 bytes and 6 more variants.
If dllhost.exe is located in a subfolder of "C:\Program Files\Common Files", the security rating is 58% dangerous. The file size is 656,384 bytes.
RKill is nice and clean -
AdwCleaner only removed ask.com as is normal. (Two false positives), which is why we normally ask to post a scan log if not sure.
J.R.T. found many (typical) >> Successfully deleted: [Empty Folder]
We can scan with ESET Online if you wish, as it is said to be more "Heuristic" than some others.
A few more items to go back over first, and then another post, or answers to your questions.
Edited by noknojon, 27 November 2014 - 06:50 PM.