I would like to start by admitting that I ran Combofix without being instructed to do so, sorry about that. It found an infected copy of c:\windows\system32\userinit.exe and disinfected it. Next time it didn't find anything, but recently the infected copy was found again and disinfected. Thus whatever is infecting userinit seems to reappear not long after removal. Very grateful for any advice.