C:\WINDOWS\system32\winlogon.exe and C:\WINDOWS\ServicePackFiles\i386\winlogon.exe is where mine show up and just read someone else has it in... C:\WINDOWS\system32\dllcache\winlogon.exe .
When i saw the results of the scan rather than check up on it (i`m very busy today) i decided to pop an earlier image back on, unfortunately after updating A2 the results are the same (feel stupid popping an earlier image on now).
Anyhoo i have scanned C drive with online scanners now as well as all my normal security, all show up as clean other than A2.
I have now checked the A2 forums and see a couple of people have posted the same thing happening to them, as yet no-one from emsisoft has answered the questions.( someone has now zipped the offending file and sent it to emissoft).
I thought it best to alert the forums to save people scanning and performing unnecessary HJT scans and analysis.
EMSI A-squared support forum .
I have informed ChrisRLG and Nell of this posting, sorry if it`s in the wrong part of the Forum, leave it up to the site Admin/Mods to move or delete it as they see fit, just thought it best to let you know in case you had a flood of panic stricken folks arrive on the forums doorstep later in the day.