Nasty things

Legend

Cheers mate

No worries

If you think your flatmate may have installed Sun Java without you knowing, create a new limited user account (Control Panel-->User Accounts) for him/her, so if s/he uses your pc they won't be able to install anything or access your documents (read the Learn About documents in the User Accounts panel to find out how to use different accounts).

Did you re-d/load that patch from M$'s security bulletin (http://www.microsoft.com/technet/security/bulletin/MS03-011.mspx), as not being patched with that will make it a bad problem. You'll probs have to install Sun Java again at some point (support for M$'s Java VM stops completely at the end of 2007), but only do that after you're definitely patched and XP's up to date with updates. Sun Java's a bit buggy with things like it's cache, so if you can't clear it expect another uninstall/install.

Btw - the exploits were downloaded by the RTE running in Internet Explorer, you should really consider changing browsers (and being careful what sites you visit...)