After searching this forums and others, I'm really confused about this particular infection. (All of my troubleshooting is being done from my backup bootable drive, which was cloned before the infection so my operating copy is clean.)
At startup and occasionally after, Avast will block winlogon.exe referencing "win32:patched-rp [trj]". Avast will detect the infected file every time I scan it, but can't repair or remove it because it's a system file.
Dr.Web will catch it every time I scan, and repairs it, though it gets reinfected upon reboot.
MBAM does not find the infection, even if I right-click on it and scan directly. The complete scan found 4 registry entries that seem benign, I remember changing those settings at some point. Log is attached anyhow.
SuperAntiSpyware does not find it if I right-click-scan it. I have not tried a full and complete scan.
AdAware does not either. I have not tried a full and complete scan.
I'm also attaching an OTL log, though I'm not sure if the settings I chose are correct. I can't find the file "scan.txt" that is referenced for a custom scan.
I sent the infected winlogon.exe file to VirusTotal for analysis, and
this is the result. <-click