OK had a brief look yesterday eve and this morning (the main problem here is that I have almost no time to devote to solving this problem).
In safe mode, this is what Sophos comes up with:
Warning: Failed to query live registry key \HKEY_LOCAL_MACHINE. You may not have access rights to the whole registry.
Area: Windows registry
Description: Hidden registry key
Location: \HKEY_LOCAL_MACHINE\SAM
Removable: No
Notes: (no more detail available)
As regards the 2 iexplore.exes, I took a look at them using ProcExp, and the properties are as follows
Path
C:\Program Files\Internet Explorer\iexplore.exe
Command Line
Removed as suggested below
Current directory
C:\Documents and Settings\Marc\Bureau\
Path
C:\Program Files\Internet Explorer\iexplore.exe
Command Line
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:5460 CREDAT:79873
Current directory
C:\Documents and Settings\Marc\Bureau\
Last edited by mglinert; 04/07/11 12:19 PM.