DavidR
4
Aside from the question of the type of scan and settings which has been asked.
I would like to know what winlogon.exe is doing loading signatures into memory as this process is no security application. Sijce there are many instances of winlogon.exe being a trojan if it isn’t located in the c:\windows\System32\ folder, the legit location.
So we need to know where this winlogon.exe is located, you could check the Process ID the bit you XXXed out in the task manager. If you have Vista or later you can use the view the path for that Process entry. This should show the actual location of that instance of winlogon.exe and if there is any associated hooking to that file (see next paragraph) and by what.
However, as mentioned there are instances where other security applications hook the winlogon.exe file to load their processes, I don’t know if this is the case here.
EDIT: In the Task Manager, View, Select Columns, and select the Command line option.