HSA infection (yup, another)

Alright, did all the stuff in the stickied post and I'm still infected so here's my log file.

Logfile of HijackThis v1.97.7
Scan saved at 7:07:23 PM, on 7/18/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winzw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\apijc32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\anti-spyware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\uckvs.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://uckvs.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://uckvs.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\uckvs.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://uckvs.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\uckvs.dll/sp.html#96676
O2 - BHO: (no name) - {8D56CC2F-1758-99B5-D05C-F52E0CDE124D} - C:\WINDOWS\system32\d3ue.dll
O4 - HKLM\..\Run: [javadr.exe] C:\WINDOWS\system32\javadr.exe
O4 - HKLM\..\Run: [apijc32.exe] C:\WINDOWS\system32\apijc32.exe
O4 - HKLM\..\RunOnce: [winzw.exe] C:\WINDOWS\system32\winzw.exe
O4 - HKLM\..\RunOnce: [crhs32.exe] C:\WINDOWS\system32\crhs32.exe
O4 - HKLM\..\RunOnce: [javaea.exe] C:\WINDOWS\system32\javaea.exe
O9 - Extra button: ComcastHSI (HKLM)
O9 - Extra button: Support (HKLM)
O9 - Extra button: Help (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://eq2beta.station.sony.com/beta_reg/soesysinfo.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


All of this clears up when I boot into safe mode and run HSRemove and Hijack This, only to return when I boot normal. I've been reading all the posts I can find about it and I don't have NSS on my msservices list and also can't find the Microsoft Java thing anywhere.

The file that keeps returning in my system32 folder is d3ue.dll, need to figure out it's source and I think this problem will be solved.

P.S. Could this issue cause sever system instability. I've had this issue for probably a month, but for the last week or so my computer has been very unstable. i.e. crashing after a couple minutes of video games or when trying to run anti-spyware/virus programs (the latter is why I think it could have something to do with this). It makes working on this issue very difficult. Also, I've tried formatting several times but I crash then also.

 

yes and yes, both in safe mode.