Well there is obviously something else (hidden/undetected) that is restoring the file, not to mention there also has to be a registry entry responsible for the run command winlogon.exe for C:\Windows\System32\dinput32.dll.
If it keeps coming back, there is likely to be an undetected or hidden element to the infection that restores or downloads the file again. What is your firewall ?
If you haven't already got this software (freeware), download, install, update and run it and report the findings (it should product a log file).
Don't worry about reported tracking cookies they are a minor issue and not one of security, allow SAS to deal with them though. - See
http://en.wikipedia.org/wiki/HTTP_cookie.
Also available a portable version of SAS,
http://www.superantispyware.com/portablescanner.html, no installation required.
SuperAntiSpyware (SAS) should I believe be able to deal with this one.