GeekPolice

winlogon.exe and explorer.exe infected with Trojans

Hi to all,
Win XP Pro SP 3 on a Dell Optiplex.
I am running AVG Free 2011, Spybot S&D, and Windows Defender. I have Malwarebytes AM installed as well and ran it but it did not find a problem.

Here's what happens:
My AVG resident shield opens every 20 or 30 seconds and informs me that a threat was detected in C:\WINDOWS\system32\winlogon.exe and tells me "Trojan horse Patched_c.KAI. Detected on open".

It also does the same thing with C:\WINDOWS\explorer.exe and tells me "Virus identified Win32/Patched.GB".
I cannot seem to get rid of these trojans - help?
Thanks in advance for any and all help, and best regards,

Morey G.

Re: winlogon.exe and explorer.exe infected with Trojans

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Re: winlogon.exe and explorer.exe infected with Trojans

Well, now I did it. It's my work PC and I was away for New Year's. When I returned, AVG asked me to reboot and if I wanted to force threat removal, which I stupidly did. Now I have no winlogon.exe and I get a blue screen telling me the Windows logon process terminated.
I do not have the Recovery Console installed on the machine, and our office manager can't find where they put the XP Pro CDs. Can I use mine from home?
Can I download Recovery Console and install it somehow?
thanks
mg

Re: winlogon.exe and explorer.exe infected with Trojans

Hello.

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.

  • Place a blank CD-R disc into your CD burning drive.
  • Download OTLPEStd.exe and double-click on it to burn to a CD using ISO Burner.
  • Reboot your system using the boot CD you just created.

    Note: If you do not know how to set your computer to boot from CD, follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings:

  • Change Drivers to Non-Microsoft
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\_OTL\MovedFiles
  • Copy this file to your USB drive if you do not have an internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.
