OK, had a brief look yesterday eve and this morning (the main problem here is that I have almost no time to devote to solving this problem).

In safe mode, this is what Sophos comes up with:

Warning: Failed to query live registry key \HKEY_LOCAL_MACHINE. You may not have access rights to the whole registry.

Area: Windows registry
Description: Hidden registry key
Location: \HKEY_LOCAL_MACHINE\SAM
Removable: No
Notes: (no more detail available)


As regards the 2 iexplore.exes, I took a look at them using ProcExp, and the properties are as follows:


Path
C:\Program Files\Internet Explorer\iexplore.exe

Command Line
Removed as suggested below

Current directory
C:\Documents and Settings\Marc\Bureau\


Path
C:\Program Files\Internet Explorer\iexplore.exe

Command Line
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:5460 CREDAT:79873

Current directory
C:\Documents and Settings\Marc\Bureau\

Last edited by mglinert; 04/07/11 12:19 PM.