why three different results in three different scans

Hi, Using CIS updated with AV database 2520

My scheduled AV ran a whole-system scan and turned up a few suspicious results. So I repeated the scan on the infected directories and got two different results. What is this telling me?


  1. Here’s what the full-system scan showed me:

I didn’t take any action, just clicked the window close button in the title bar.

  1. Then I ran the scan on just the C:\Program Files(x86)\ATI directory. I did this by openign Windows Explorer, navigating to that directory, and right-clicking on it to start the scan. This showed zero results (even though one was reported there in the first scan).

3. Then I used an existing scan profile I’d created in the past to scan just the C: drive. It gave the following (different, yet again) results.

Notice that as best I can tell, d:\app\WinMerge\ShellExtensionX64.dll is listed twice – what’s up with that?

Any ideas appreciated! Thanks.

  1. This has been noticed before.

  2. It is strange it picks up an entry from the d partition. May be it is a bug.

I was wondering if maybe this was the result of scanning memory, in which case it might notice the DLL and report the location from which the DLL was loaded.

Also, as far as seeing it twice … I’m on Vista, and Vista is known to have issues with multiple copies of Explorer running (like when sometimes you see auto-hide stop working for the task-bar). Maybe something related to that?