FoMoCo
466 C.I.D.
join:2001-01-10
Grand Rapids, MI

FoMoCo to redwolfe_98

Member

Re: Normal ?

IE9 - looking at it more, the flash is starting when I open a real IE window but does not close by itself when IE closes. The 2 unknown IEs are stubborn to end process on, and when I do get them to close they restart in about 30 seconds. Scanned with MSE and Malwarebytes and it's showing clean. I really don't think this has anything to do with the clock gadget as I have turned that off. I have not been keeping up on security or PCs in general so I have forgotten a lot of things. If there is something on this LU account, any chance it will infect the admin account? Will check back tomorrow - thanks

THZNDUP
Deorum Offensa Diis Curae
Premium Member
join:2003-09-18
Lard

Premium Member

The 'Flash' seen in your screenshot is the Flash Installer/Uninstaller.

If you wanted, it could be renamed to prevent it being loaded.

The file should be in C:\Windows\SysWOW64\Macromed\Flash\

Just add a letter (I use XXX) to the beginning of the name just in case I need it back.........

FoMoCo
466 C.I.D.
join:2001-01-10
Grand Rapids, MI

Member

Thanks THZNDUP - not sure why it's running on LU but not admin. I am messing around with this tonight and found a link. When I end the rundll32 process then end the 2 ghost IEs they do not restart. Ending them with rundll running causes them to restart within 30 seconds. This racore file seems to be tied to RealPlayer, which I have never installed. Thoughts?

THZNDUP
Deorum Offensa Diis Curae
Premium Member
join:2003-09-18
Lard

Premium Member

It's kinda odd that the file isn't in its own directory of some sort and is just dumped into the 'Roaming' root. That's pretty rude nowadays but still happens. It could also have been used by something other than RA (bloatware, free trial, etc).

You could try 'renaming' it (racore.dll) to see what breaks until a reason is figured out why it's there and running. You will have to find out where/what is calling that rundll with racore.dll being passed to it.

Notice a pattern?
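
One way to find what is calling rundll32 with racore.dll, as an added example that is not from any poster in this thread. It assumes PowerShell 3.0 or later (for `Get-CimInstance`) and is run inside the affected limited-user session; only the DLL name comes from the thread.

```powershell
# Added example: trace what starts rundll32.exe with racore.dll.
# The DLL name is from the thread; everything else is an assumption.
$dll = 'racore.dll'

# Snapshot all processes and index them by PID so parents can be looked up.
$procs = Get-CimInstance Win32_Process
$byId  = @{}
foreach ($p in $procs) { $byId[[uint32]$p.ProcessId] = $p }

# 1. rundll32 instances whose command line names the DLL, with their ancestors.
$hits = $procs | Where-Object {
    $_.Name -ieq 'rundll32.exe' -and $_.CommandLine -like "*$dll*"
}
foreach ($h in $hits) {
    "rundll32 PID $($h.ProcessId): $($h.CommandLine)"
    $cur = $h
    for ($depth = 0; $depth -lt 10; $depth++) {
        $parent = $byId[[uint32]$cur.ParentProcessId]
        # PIDs get reused: a genuine parent was created before its child.
        if (-not $parent -or $parent.CreationDate -gt $cur.CreationDate) {
            "  parent PID $($cur.ParentProcessId) has already exited"
            break
        }
        if ($parent.ProcessId -eq $cur.ProcessId) { break }
        "  started by $($parent.Name) (PID $($parent.ProcessId)): $($parent.CommandLine)"
        $cur = $parent
    }
}

# 2. Startup entries (Run keys, Startup folders) that mention the DLL.
#    Useful when the launcher has exited and step 1 shows no live parent.
Get-CimInstance Win32_StartupCommand |
    Where-Object { $_.Command -like "*$dll*" } |
    Select-Object Name, Command, Location, User

# 3. Processes spawned by those rundll32 instances (the restarting IE windows,
#    if rundll32 is what launches them).
$procs |
    Where-Object { $hits.ProcessId -contains $_.ParentProcessId } |
    Select-Object Name, ProcessId, CommandLine
```

Command lines of processes owned by other accounts come back empty for a limited user, so an elevated run may show more of the parent chain.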