Unofficial empeg BBS

#321597 - 22/04/2009 01:10 Too late now...
gbeer
carpal tunnel

Registered: 17/12/2000
Posts: 2665
Loc: Manteca, California
The system is being nuked as this is being written.

My buddy had a problem with a virus. AVG seemed to catch it but after the reboot, the system would not bring up a desktop. The system was set up for a single user with no password, so it should have booted right to his desktop. It booted normally up until the background of his desktop displayed, then the login screen would appear. Clicking on the user name would cause the desktop background to flash and then return to the login screen.

I thought explorer.exe might have been cracked and replaced it with a copy from a good system. Didn't work.
_________________________
Glenn

#321598 - 22/04/2009 03:28 Re: Too late now... [Re: gbeer]
Attack
addict

Registered: 01/03/2002
Posts: 598
Loc: Florida
I think something is trying to load in place of userinit.exe.

Try booting it in safe mode:
Run Regedit
Go to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit should be "C:\WINDOWS\system32\userinit.exe"
_________________________
Chad

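A scripted version of the check Chad describes, added here as an example and not code from the thread: it reads the Winlogon Userinit and Shell values and flags any element that is not the expected file under the Windows directory. It assumes PowerShell is present on the affected machine (it is not part of a stock XP install) and is run elevated, in safe mode if normal mode will not log on.

```powershell
# Added example (not Chad's own code): inspect the Winlogon values that decide
# what runs after logon, instead of reading them by eye in regedit.
# Assumes PowerShell is available on the affected machine and runs elevated.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$props    = Get-ItemProperty -Path $winlogon
$system32 = Join-Path $env:SystemRoot 'system32'

function Test-WinlogonEntry {
    param([string]$Name, [string]$Value, [string]$ExpectedFile)
    # Userinit is a comma-separated list (a trailing comma is normal); malware
    # often appends itself rather than replacing the real entry, so look at every element.
    $entries = @($Value -split ',' | ForEach-Object { $_.Trim().Trim('"') } | Where-Object { $_ })
    Write-Host "$Name = '$Value'"
    foreach ($entry in $entries) {
        $path = [Environment]::ExpandEnvironmentVariables($entry)
        # A bare file name (e.g. Explorer.exe) is found via the search path; treat it as %SystemRoot%.
        if (-not [IO.Path]::IsPathRooted($path)) { $path = Join-Path $env:SystemRoot $path }
        $leaf = [IO.Path]::GetFileName($path)
        $dir  = [IO.Path]::GetDirectoryName($path)
        # String -eq is case-insensitive in PowerShell, so C:\WINDOWS and C:\Windows both match.
        $ok = ($leaf -eq $ExpectedFile) -and
              (Test-Path -LiteralPath $path) -and
              (($dir -eq $system32) -or ($dir -eq $env:SystemRoot))
        if ($ok) { Write-Host    "  OK       $path" }
        else     { Write-Warning "  SUSPECT  $path (expected only $ExpectedFile under $env:SystemRoot)" }
    }
    if ($entries.Count -ne 1) {
        Write-Warning "  $Name has $($entries.Count) entries; a clean system has exactly one"
    }
}

Test-WinlogonEntry -Name 'Userinit' -Value $props.Userinit -ExpectedFile 'userinit.exe'
Test-WinlogonEntry -Name 'Shell'    -Value $props.Shell    -ExpectedFile 'explorer.exe'
```

This only catches redirection: an extra Userinit element, a different path, or a different file name. A legitimate-looking entry that points at a userinit.exe which has itself been overwritten in place passes this check, so a clean registry value is not proof that the logon chain is intact.
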
#321602 - 22/04/2009 05:16 Re: Too late now... [Re: Attack]
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12320
Loc: Sterling, VA
Oh man, this sounds familiar. I hope you don't have the same thing I ran across with someone recently. I posted about it on this board actually. Sadly, it had gotten to the point where we couldn't get into safe mode either, so we ended up wiping the machine and starting over. I sincerely hope you don't need to do that (at least the data is recoverable, using a second computer), but sometimes it's the only way.
_________________________
Matt

#321604 - 22/04/2009 11:44 Re: Too late now... [Re: Dignan]
gbeer
carpal tunnel

Registered: 17/12/2000
Posts: 2665
Loc: Manteca, California
We did salvage his Documents and Settings folder via Knoppix live boot.

Is there a reference somewhere that tells what the Windows boot sequence is?

_________________________
Glenn

#321605 - 22/04/2009 11:58 Re: Too late now... [Re: gbeer]
Roger
carpal tunnel

Registered: 18/01/2000
Posts: 5682
Loc: London, UK
Originally Posted By: gbeer
Is there a reference somewhere that tells what the Windows boot sequence is?

Almost certainly, but if the box is that hosed, and you suspect malware, you should nuke the site from orbit.

_________________________
-- roger

#321607 - 22/04/2009 12:59 Re: Too late now... [Re: Roger]
lectric
pooh-bah

Registered: 20/01/2002
Posts: 2085
Loc: New Orleans, LA
I just worked on a computer with those exact issues. Userinit.exe was hosed. I replaced it with a safe copy, and discovered that there were quite a few more critical exe's (explorer.exe, etc) that were also infected. Wipe and reinstall was the only option at that point.

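lectric's finding is the case a registry check misses: the Userinit value was fine, but userinit.exe and explorer.exe themselves had been overwritten. The way to see how far that went is to compare the logon-chain binaries against hashes taken from a known-good machine at the same Windows version, service pack and patch level. The script below is an added example, not lectric's own tooling; the file list, the manifest file name and the use of Get-FileHash (PowerShell 4.0 or later) are my assumptions.

```powershell
# Added example (not lectric's own code): record SHA-256 hashes of the logon-path
# executables on a clean machine, then compare a suspect system (or a copied or
# mounted Windows folder) against them. Mismatches are only meaningful when both
# systems are at the same version, service pack and patch level.
#   Clean machine:     .\Compare-SystemBinaries.ps1 -Mode Export  -Manifest good.csv
#   Suspect system:    .\Compare-SystemBinaries.ps1 -Mode Compare -Manifest good.csv
#   Attached disk:     .\Compare-SystemBinaries.ps1 -Mode Compare -Manifest good.csv -Root E:\WINDOWS
param(
    [ValidateSet('Export', 'Compare')] [string]$Mode = 'Compare',
    [string]$Manifest = '.\system-binaries.csv',   # assumed file name
    [string]$Root = $env:SystemRoot                # Windows directory to scan
)

# Paths relative to $Root: the two files this thread saw replaced plus the rest
# of the logon chain. Extend the list as needed.
$files = @(
    'explorer.exe',
    'system32\userinit.exe',
    'system32\winlogon.exe',
    'system32\services.exe',
    'system32\lsass.exe',
    'system32\csrss.exe'
)

function Get-BinaryManifest {
    foreach ($rel in $files) {
        $path = Join-Path $Root $rel
        if (Test-Path -LiteralPath $path) {
            $item = Get-Item -LiteralPath $path
            [pscustomobject]@{
                File   = $rel
                SHA256 = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
                Size   = $item.Length
            }
        } else {
            # A missing logon binary is itself a finding, so record it rather than skip it.
            [pscustomobject]@{ File = $rel; SHA256 = 'MISSING'; Size = 0 }
        }
    }
}

if ($Mode -eq 'Export') {
    Get-BinaryManifest | Export-Csv -NoTypeInformation -Path $Manifest
    Write-Host "Wrote reference manifest $Manifest from $Root"
    return
}

# Compare mode: load the reference manifest, then hash the same files here.
$reference = @{}
Import-Csv -Path $Manifest | ForEach-Object { $reference[$_.File] = $_ }

foreach ($cur in Get-BinaryManifest) {
    $ref = $reference[$cur.File]
    if (-not $ref) { Write-Warning "$($cur.File): no reference entry in $Manifest"; continue }
    if ($cur.SHA256 -eq $ref.SHA256) {
        Write-Host "OK        $($cur.File)"
    } else {
        Write-Warning ("MISMATCH  {0}  size {1} vs reference {2}" -f $cur.File, $cur.Size, $ref.Size)
    }
}
```

Run the compare from another machine with the suspect disk attached (or against a folder copied out under a live boot, as Glenn did with Knoppix) rather than on the infected system itself, since a compromised system can misreport its own files. A list of mismatches tells you whether replacing one binary is enough or, as in lectric's case, the infection has spread across the logon chain and a wipe is the sensible call.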