gerbil 216 Industrious Poster

"I am sorry to say I could not open my outlook" Outlook? Do you mean Explorer[.exe]?
Are you talking about the Iobit file, is360.exe? Just do this to remove it, as I posted above:
Start GMER again, when it is ready [after initial quick scan], expand the top tab line by clicking on the >>>>. Choose Processes, and when it lists select the is360.exe entry and press Kill Process.
Next press Files, a navigation window will pop, browse to IoBit in Program Files and select is360.exe; when you have selected the correct file the Delete button will then activate - Press it.
-that all takes place inside the GMER pgm.
Finally, uninstall IoBit.
If need be, you can run GMER in safe mode.

gerbil 216 Industrious Poster

"and No_Of_room have 10

if user book two room on date 24/02/2011 to 26/02/2011
if at that time user search room availability then it show available 8 room search by date"

That is just what one should expect.
Try Wotif.com
[I'm never gunna get a Solved credit for this one...]

gerbil 216 Industrious Poster

Is this a previously-viewed email you click on? Go Tools, Internet Options, Connections tab and see on the LAN Settings page that you are not using a proxy - for most home folk the Automatically Detect Settings box should be checked. Or, if you do have a proxy configured then see that its settings are correct.
I'm just figuring that perhaps you see the email from cache first, then the page tries to update and Bam! it's gone.

gerbil 216 Industrious Poster

I know this gets a lot of currency on computer forums, but I really don't recall ever seeing a physically leaking modern capacitor, electrolytic or otherwise, and I once was an electronics engineer before I saw the light. A leaking capacitor is simply one that leaks electrically... they just do not have fluid in them. Exploded or obscenely bulging and blackened after a severe overload, yes, but they died in company. Examining a mb is interesting, they are a form of modern installation art, but don't expect to see deficiency on a working mb. Anyway...
Before you get your next BSOD, go CP > System > Advanced tab, Startup n Recovery Settings, and uncheck Automatically Restart.
Fine, when next it blue screens you will be able to give us an error code and perhaps the name of a faulting module. Then we can go places.
By the way, how much free space is on that drive...?

gerbil 216 Industrious Poster

This is strange indeed, stellios. Right, lets try something that will force setup.exe to recognise ksuser.dll. Open two explorer windows [this is the easiest way of several to achieve the same thing], size them so that both are open on your desktop side by side. In the one, navigate so that the audio driver installation files are shown in the RHS [setup.exe filename should be visible]; in the other open system32 so that ksuser.dll is displayed. Good, now lclick and drag ksuser.dll over to the first explorer window and release it on top of setup.exe after setup.exe highlights. Setup.exe should start... and I don't see how it can now ignore ksuser.dll.
Of course, this is Windows, and who knows what BG had up his sleeve....

gerbil 216 Industrious Poster

Then I would test the hdd in another system because it is looking like it died... :(

gerbil 216 Industrious Poster

Please?
Whatever you try, you are going to require a Windows cd [either M$ retail or OEM as suits your license] or some other related source for the Windows Setup installation files; anything else we will not help you with.
The above method works fine, I have used it. You only need use the WintoFlash pgm with your file source.

gerbil 216 Industrious Poster

Okay, IoBit was on your system before the first GMER run.
You should remove that hidden is360.exe: start GMER again, when it is ready [after initial quick scan], expand the top tab line by clicking on the >>>>. Choose Processes, and when it lists select the is360.exe entry and press Kill Process.
Next press Files, navigate to IoBit in Program Files and select is360.exe; when you have selected the correct file the Delete button will then activate - Press it.
Uninstall IoBit.
And note the previous post re OTL and Run Fix.

gerbil 216 Industrious Poster

Eagle, was IoBit on your system when you did the earlier GMER run shown at the top of this page [to save me checking back...]?
That last OTL report is not right... could you restart OTL, and paste in what is shown in the box above [all of it] and then press RUN FIX button, not the Run Scan button.

gerbil 216 Industrious Poster

What version of ksuser.dll do you have? Navigate to it, rclick the file and choose Properties, Version tab. [mine is 5.3.2600.5512 on an XP-SP3 system].

gerbil 216 Industrious Poster

The human brain and the way it focuses on some issue/item and ignores all else can be a worrying thing. And I did just that with my last post. Stellios, I was referring to this in an earlier post of yours, not the regsvr32 post:
"dclicked setup.exe
in window where asked to type path where ksuser.dll
is located, typed in both folders
file name ksuser.dll comes up in my docs
i click, open,
ksuser.dll not found."
I meant that when you are requested to enter a path to ksuser.dll, type in C:\WINDOWS\System32\
If you are given the option of browsing to it then do that instead, and dclick on ksuser.dll.
[What you did as shown just above was no harm at all, you merely supplied the sys with the path of regsvr32.exe and so saved it collecting it from the environment variable list.. - and that little tidbit was possibly more than you needed/wanted to know... :) ]

gerbil 216 Industrious Poster

Stellios, I checked, ksuser.dll does not require registering; most dlls don't, this is one of them.
Your delays don't matter to me.
When you type that path in, be sure to use..
C:\WINDOWS\System32\
I'm out of ideas...

gerbil 216 Industrious Poster

Start OTL.exe
Paste the text written inside the box into the Custom Scans/Fixes box located at the bottom of OTL

:OTL
@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:0B4227B4
[2011/02/11 03:03:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

:Commands
[purity]
[emptytemp]
[Reboot]

Click the Run Fix button; post the results of the log.
Does this file exist:
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\mssqlsystemresource.mdf ?
It is probably overkill to run both IoBit and SAS services.
I could see no other problems in those logs you posted. If after running the above fix there is no improvement then I can only suggest this further tool:
==Download this file to your DESKTOP: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
.....or this file: http://subs.geekstogo.com/ComboFix.exe
-IMPORTANT! : close other applications and save work, turn off your Antivirus, Antispyware and Firewall for the duration of this scan.
- to run it dclick the Combofix.exe icon and follow the prompts to start it. If you do not have it installed already, Combofix will want to download and install the Recovery Console on your system -agree.
A word of caution - do not touch your mouse/keyboard until the scan has completed [your computer will restart automatically] when a log, C:\Combofix.txt , will pop onto your desktop - post that log in your next reply.
The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs reboot to …

gerbil 216 Industrious Poster

Get a version of memtest86+ that is the bootable option you would like to run, boot from that medium and run the test for at least half an hour, have a meal and so give it longer... a zero error result would rule out RAM.

gerbil 216 Industrious Poster

Hi, yes, I saw that. I think you need to test that hdd. You could either download a bootable test application from the manufacturer's site and run it, else connect that hdd into another system and see if it is recognised.
Some test tools are found on this page: http://www.tacktech.com/display.cfm?ttid=287
If you were to disconnect the hdd only and try to boot you should eventually see a message, depending upon your BIOS, stating something like an OS or boot files or an active partition could not be found, or hard disk failure; then you might assume that all else was working satisfactorily. For this test you could even load a bootable cd into that drive, eg a windows Setup cd, to see if the system worked fully with that.

gerbil 216 Industrious Poster

Next step is to check the internal connections to those drives... they can become dislodged or just give poor continuity occasionally [the pins are often gold plated, but not always, to resist oxidation]. Power off at the wall, then remove the top or LHS side panel and you will see one or two wide [grey] ribbon connectors at the front of the mb [if there is only one cable then it goes to both hdd and cd drive, and that is encouraging...]; replug all connections on that ribbon cable. Power up and check for success. If no go, power off, wait half a minute then swap the ribbon cable to the other connector on the mb, and power up again.
The floppy drive has its own connector and cable; because BIOS recognised it don't touch it.
If and when things look good, power off and replace the panel. Say how it goes.

gerbil 216 Industrious Poster

"it tells me that the CD Rom Drive is not installed and the hard disk drive is not installed "
Uh-oh. BIOS cannot see any of your drives.
Okay, Dangerous Dan, about the first thing you would do is reset BIOS to defaults via BIOS Setup [often a BIOS exit option] and try to restart.

gerbil 216 Industrious Poster

Let's have a closer look, Eagle. Download to your desktop this scanner, http://oldtimer.geekstogo.com/OTL.exe.
Start it via the icon, and for an initial scan simply set the file age to scan at 60 days, then press Run Scan button.
Two logs will be produced, OTL and Extras. Please post both. If really long you might attach them via the Use Advanced Editor button.

gerbil 216 Industrious Poster

:). I think we'll call that a search engine loopback by user.

gerbil 216 Industrious Poster

That GMER log shows clean, Eagle. Reinstalling Outlook will only spoil a very poor sort of virus; their function is to replicate as well as damage/interpose themselves, so there would be copies of it all through your system. But they would have to be hidden with a rootkit or two otherwise they would show in scans. I take it that the online scans showed nothing?
PP, feel very free to get in my way... :)

gerbil 216 Industrious Poster

You certainly don't put an .iso on a flash drive unless you wish to transfer it to another cd, ie to burn it. An iso is a disk image.. a faithful replica of the disk's content. If you wish to use the flashdrive to install XP from, then you need to make the flashdrive bootable, as well as contain the Setup files. There are plenty of guides on that on the web, but I find this software the most versatile and easy to use. Much like falling off a log...
Search for WintoFlash; the 0.7 beta is current and good. Download it, and use with your cd to build a bootable flashdrive. While doing that you might also consider nLiting your Windows OS... search for nLite, use it to remove the stuff you won't be wanting, make Windows as light n fluffy as duck down.

gerbil 216 Industrious Poster

Hello, stellios. Boy, but you sure have patience. Anyway, try registering ksuser.dll. To do that Go Start, Run, and Enter:
regsvr32 ksuser.dll
That may help. Report any error message that is shown if the task is not successful.

gerbil 216 Industrious Poster

"Microsoft says to start Windows with CD and choose R for repair console, then give chkdsk /R command.. But there was not such option...strangely."
I assume that you mean by no such option that there was no option to Repair using the Recovery Console? It is usually the second option on that screen, underneath Run Setup by pressing Enter. I say usually, because if Setup cannot find a Windows installation it will not offer the [R] Repair option.
If Setup is chosen there is another option to Repair Windows; this is by reinstalling a lot of the system files over the old. I assume this is what happened? After running with this there is no way back, I am afraid, unless you have a comprehensive system restore pgm such as ERDNT.
You now must reinstall many applications plus all Security Hotfixes and Windows updates. Your data files will be untouched.
The many options placed before you by the Setup pgm can have serious repercussions; it is well worth checking your actions.

gerbil 216 Industrious Poster

Likely a malware file. Download MBAM, update and run a Quick scan, ensure all it finds has a checkmark and choose to remove all. Reboot if MBAM requests it.
Please report back on your findings.

gerbil 216 Industrious Poster

Hello, Stellios. Progress, then. Have you installed DirectX 9c or 10 yet? Installing that would likely solve the missing ksuser.dll problem.
You would have it on your motherboard cd.

gerbil 216 Industrious Poster

Hi, Eagle, let's see what we can find, then.
First, clean with one of these two:
Either ==Get CCleaner from http://www.ccleaner.com/ - and put it in a new folder. You should aim to keep this one for general use. I set it only to Open and Run from the recycle bin. It's neater that way.
Now run CCleaner from the recycle bin rclick menu [if you set up CCleaner as I suggested, rclicking the bin icon should give you the Open CCleaner option], and using the default settings select the Cleaner icon, press Run Cleaner.

Or ==Download this temp file cleaner from http://www.atribune.org/ccount/click.php?id=1 --click in the download window to run it, and when ATF Cleaner opens go Select all, and then Empty Selected.
Next click Firefox [if you have that browser..] at the top, Select All again, and Empty Selected again. Follow that procedure also if you have Opera.
Close ATF.

==Next, run this rootkit scan and post the results. Do not use your computer during scan.

==Download gmer.zip from http://www.majorgeeks.com/GMER_d5198.html ...or the exe from http://www.gmer.net/download.php - it will have some obscure name.
-dclick on gmer.zip and unzip the file to its own folder or to your desktop.
-disconnect from the Internet and close all running programs.
-dclick the .exe to start it; wait for the initial scan to complete [a few seconds]. Press the Copy button, open Notepad and paste into …

gerbil 216 Industrious Poster

Eagle, I cannot find any problems with those logs. You will have to elucidate the difficulty you are experiencing.
The 3 files removed by IoBit are adware delivery agents.

gerbil 216 Industrious Poster

Ripper, Irish.
Cheers.

gerbil 216 Industrious Poster

I should have paid more attention to an earlier post of yours; you didn't have any extensions on the files you listed. My apologies for the oversight.
I don't really know why the option to hide extensions exists.. it just seems silly and dangerous to me.

gerbil 216 Industrious Poster

Hello, stellios, is this the file that you downloaded: AUDIO_Realtek_5.10.00.5930_Xpx86?
From the site Rik suggested, http://www.acer.co.uk/ac/en/GB/content/drivers
You would use this link after browsing the site for your Desktop > Aspire > T160, http://www.acer.co.uk/ac/en/GB/content/drivers and press the dl button beside Audio.
I unzip that file and find a setup.exe in the main folder.
I think I understand your problem. There is indeed a file called SetupEx, but its full name is SetupEx.ini. Now I understand why you don't see the full setup.exe filename. You have a very important setting to change in Explorer; please do this:
Open an explorer window, go Tools, Folder Options > View tab, and uncheck Hide extensions for known file types. Apply and OK.
With that change you will now see Setup.exe in the unzipped AUDIO_Realtek folder. Dclick it.
Good luck. And keep that setting.

gerbil 216 Industrious Poster

You might try replacing system32\appwiz.cpl.
If you have upgraded to SP3 then there will be a copy in the ServicePack\i386 folder.

gerbil 216 Industrious Poster

And just in case you are still scratching your head over how just to mark the other partition active, here is a free tool that will accomplish that task for you, as well as remove the current active marking from the wrong drive:
http://www.partitionwizard.com/partition-wizard-bootable-cd.html
Free, choice of cd or USB flashdrive versions. The installable program is free also, although a feature that is lacking allows Easeus' similar offering to edge it out. But only just.

gerbil 216 Industrious Poster

"a cursory analysis of the incident shows that the Registry entries for the Microsoft\Security Center\AntivrusDisableNotify and FirewallDisableNotify had been subverted preventing notification." Maybe so, but these are the values that determine whether or not you get a Security Centre icon in the taskbar warning about your firewall or AV service status. I expect my AV or Firewall to manage something more significant of their own as a warning.
"my daughter opened an email from a known respondent, so there is no question of self inflicted infection from accessing dubious websites." Depends, of course, on the value of known as in known respondent... can you possibly know beforehand whether the serving computer is infected? It is mostly always self-infliction, and with little or much to do with foolishness. That is the nature of the internet beast. We accept that risk because of the overall advantages.
And to answer this... "How did trojan bypass my security countermeasures?"... simply because it was designed to do just that. Just like the original wooden horse. Always look a gift horse in the mouth; now who subverted that one?
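The Security Center notification switches quoted above can be checked (and put back) from PowerShell. This is an added example, not code from the thread; it assumes the XP-SP2-era key path and that the values are REG_DWORDs where 1 suppresses the tray warning, and that the Security Center service is named wscsvc.

```powershell
# Added example (not from the thread): report the Security Center notification
# switches and the state of the Security Center service itself, since malware
# that flips these values often stops the service as well.
# Assumptions: key path and value names as used on XP SP2/SP3; elevated session
# is needed only for Reset-SecurityCenterNotify.

$KeyPath = 'HKLM:\SOFTWARE\Microsoft\Security Center'
$NotifyValues = 'AntiVirusDisableNotify', 'FirewallDisableNotify', 'UpdatesDisableNotify'

function Get-SecurityCenterNotifyState {
    $props = Get-ItemProperty -Path $KeyPath -ErrorAction SilentlyContinue
    foreach ($name in $NotifyValues) {
        # A missing value reads as $null, which is the normal "notifications on" case.
        $raw = if ($props -and $props.PSObject.Properties[$name]) { [int]$props.$name } else { $null }
        [pscustomobject]@{
            Value      = $name
            Data       = $raw
            Suppressed = ($raw -eq 1)   # 1 = the tray warning for that component is off
        }
    }
}

function Get-SecurityCenterServiceState {
    $svc = Get-Service -Name wscsvc -ErrorAction SilentlyContinue
    $start = (Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\wscsvc' `
                               -ErrorAction SilentlyContinue).Start
    [pscustomobject]@{
        Service   = 'wscsvc'
        Status    = if ($svc) { $svc.Status } else { 'missing' }
        StartType = switch ($start) { 2 { 'Automatic' } 3 { 'Manual' } 4 { 'Disabled' } default { 'unknown' } }
    }
}

function Reset-SecurityCenterNotify {
    # Set all three switches back to 0 so the warnings reappear; needs an elevated session.
    foreach ($name in $NotifyValues) {
        Set-ItemProperty -Path $KeyPath -Name $name -Value 0 -Type DWord
    }
}

Get-SecurityCenterNotifyState   | Format-Table -AutoSize
Get-SecurityCenterServiceState  | Format-Table -AutoSize
```

Any row with Suppressed = True, or a Disabled/stopped wscsvc, is worth explaining before the machine is declared clean.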

gerbil 216 Industrious Poster

There is plenty in HijackThis... :( Some of it I cannot be sure about, so... two sections:
The first, to me, are unnecessary ..er... baggage. I would uninstall if possible, and ensure these folders are deleted:
c:\program Files\Ask.com\
c:\program Files\Elf_1.13\
C:\Program Files\Fighters\
and these are fixed:
02 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program Files\Ask.com\GenericAskToolbar.dll
03 - Toolbar: Frostwire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\Program Files\Ask.com\GenericAskToolbar.dll
02 - BHO: Elf 1.13 Toolbar - {b80f591e-fe9a-46cf-a13e-180377240586} - c:\program Files\Elf_1.13\tbElf_.dll
03 - Toolbar: Elf 1.13 Toolbar - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\tbElf_.dll
R3 - uRLSearchHook: Elf 1.13 Toolbar - {b80f591e-fe9a-46cf-a13e-180377240586} c:\program Files\Elf_1.13\tbElf_.dll
04 - HKLM\ .. \Run: [Google Quick Search Box] "e:\program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
04 - HKLM\ .. \Run: [sfagent] c:\program Files\Fighters\sfagent.exe
Anyway, your choice on those.
These must be fixed, they are your problem:
F2 - REG:system.ini: userInit=C:\WINDOWS\system32\userinit.exe
02 - BHO: (no name) - {1331BOBA-6425-450F-B1E1-B469DFF197Bf} C:\WINDOWS\system32\atrace32.dll
02 - BHO: cc6af6c - {910253F6-A03D-85FO-684C-A76FBD54C1D2} C:\WINDOWs\system32\kbdsw32.dll
02 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
03 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
03 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
04 - HKLM\ .. \Run: [TkBellExe] "e:\program Files\common Files\Real\update_oB\realsched.exe" -osboot
04 - HKLM\ .. \Run: [ati2dvagwow.exe] C:\WINDows\ati2dvagwow.exe
04 - HKLM\ .. \Run: [ati2dvagwow.exe] C:\WINDows\ati2dvagwow.exe
04 - HKLM\ .. \Run: [dsquerywow.exe] C:\WINDOWs\dsquerywow.exe

gerbil 216 Industrious Poster

Rob, hi...
First, try this:
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
=Dclick that file, mbam-setup.exe, to install the application,
-ensure that it is set to update and start, else start it via the icon, and UPDATE it.
Select "Perform QUICK Scan", then click Scan; the application will guide you through the remaining steps.
ENSURE that EVERYTHING found has a CHECKMARK against it, then click Remove Selected.
If malware has been found [and removed] MBAM will automatically produce a log for you when it completes... do not click the Save Logfile button.
Examine the log: if some files are listed as Delete on Reboot then restart your machine before continuing.
Copy and post that log [it is also saved under Logs tab in MBAM].

Second: could you rerun HijackThis please, but before posting, in Notepad uncheck Format > Wordwrap. Too many entries are on the one line otherwise, and it is thus difficult to scan.

gerbil 216 Industrious Poster

Catalana, to save using task manager you can use IE to do pretty much the file work of explorer. eg open IE; if you don't have it displayed already then show the address bar... set View to show details, then enter C: into the address bar. And go from there [you rclick and choose Open to open a folder etc].
In Windows you should still have Phillies.exe? -dclick it.

"Meanwhile, there is no c:\WINDOWS\explorer.exe there is a c:\WINDOWS\explorer.. I see both on my other computer " -I find that disturbing...

gerbil 216 Industrious Poster

First off, those reg keys. If, as I suspect, one or more of them contain a huge list of hexadecimal code as data entries then I think it is safe to delete them - malware can load that data into memory. They are not registered/conforming CLSIDs anyway, merely invented.
klmd.sys has been subverted by the TDSS rootkit family on other systems, so many systems that I cannot ascertain by search what is its function.. it is not on my XP-SP3 sys. For the time being, rename it to system32/drivers/0000klmd.sys.bak.
catchme is a part of combofix; combofix jamming is a cause for alarm, it is being targeted. Try updating malwarebytes and scanning with it, see if it can catch any newly exposed files, then attempt combofix again.
If a CLSID refuses to delete then rclick it, go Permissions and take control, then whack it.
"Many thanks again for all you efforts. I was almost on the verge of a disk reformat."... apart from that, it is always nice to wring the neck of some malware. Writers are pouring effort into it, a lot of money is involved now. And thanks to you for hanging on, for fighting; it is frustrating but understandable when some folks give up and reformat... we learn little from that, but there are some utterly destructive viruses that leave no option - their aim is malicious damage, the aim of this stuff is theft and control.
Mind-boggling stuff:
0x20E Non-fatal A …
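The two signs the post above describes, CLSID keys whose names are not conforming GUIDs and keys carrying a huge run of hex data, can be hunted for across HKCR\CLSID with a script. This is an added example, not code from the thread; the 4 KB size threshold is an assumption, and the script only reports, it deletes nothing.

```powershell
# Added example (not from the thread): audit HKCR\CLSID for subkeys whose names
# are not well-formed CLSIDs and for keys holding unusually large value data.
# Assumptions: elevated session (some keys deny read access and are skipped);
# $Threshold is an arbitrary cut-off for "huge" data.

$Threshold = 4096   # bytes of value data considered suspiciously large

function Test-ClsidName {
    param([string]$Name)
    # A registered CLSID is {8-4-4-4-12} hexadecimal digits and nothing else.
    return $Name -match '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'
}

function Get-ValueSize {
    param($Value)
    # REG_BINARY arrives as byte[], REG_SZ/REG_EXPAND_SZ as string, REG_MULTI_SZ as string[].
    if ($Value -is [byte[]])   { return $Value.Length }
    if ($Value -is [string])   { return [Text.Encoding]::Unicode.GetByteCount($Value) }
    if ($Value -is [string[]]) {
        return ($Value | ForEach-Object { [Text.Encoding]::Unicode.GetByteCount($_) } |
                Measure-Object -Sum).Sum
    }
    return 0
}

function Find-SuspiciousClsidKeys {
    $findings = @()
    $root = Get-ChildItem -Path 'Registry::HKEY_CLASSES_ROOT\CLSID' -ErrorAction SilentlyContinue
    foreach ($key in $root) {
        if (-not (Test-ClsidName $key.PSChildName)) {
            $findings += [pscustomobject]@{ Key = $key.Name; Reason = 'malformed CLSID name'; Bytes = 0 }
        }
        # Walk the key and every subkey (InprocServer32 etc.), measuring each value's data.
        $tree = @($key) + @(Get-ChildItem -Path $key.PSPath -Recurse -ErrorAction SilentlyContinue)
        foreach ($sub in $tree) {
            foreach ($valueName in $sub.GetValueNames()) {
                $size = Get-ValueSize ($sub.GetValue($valueName))
                if ($size -ge $Threshold) {
                    $label = if ($valueName) { $valueName } else { '(Default)' }
                    $findings += [pscustomobject]@{ Key = $sub.Name; Reason = "value '$label' is $size bytes"; Bytes = $size }
                }
            }
        }
    }
    return $findings
}

Find-SuspiciousClsidKeys | Sort-Object Bytes -Descending | Format-Table -AutoSize
```

Legitimate components occasionally store sizeable blobs too, so treat a hit as something to look up and explain, not as proof of infection on its own.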

gerbil 216 Industrious Poster

Gee, that was a journey. Did driver verifier pick up the modification to Volsnap.sys?
If you have not already done so, run
combofix /uninstall
...then dl a fresh copy from http://download.bleepingcomputer.com/sUBs/ComboFix.exe
.....or http://subs.geekstogo.com/ComboFix.exe
Close down your AV and firewall as before, and run Combofix just the once.
Sorry, but it is very late here, beddy-byes for me.

gerbil 216 Industrious Poster

Fin, could you wander into registry and delete those two CLSIDS manually, please?
You could export them to your desktop first, and post them, if you would.
Next do a search for all instances of {B4502AD1-AF97-EC66-7D66-304FFAC0F1DB}, export the subkeys and post them also? Tah.

gerbil 216 Industrious Poster

Okay, I understand. Go into Control Panel and uninstall all Javas [if more than one version exists].
When that completes, go to this website and download THIS file for your system. When the download completes, run the exe to install the latest Java version.
http://javadl.sun.com/webapps/download/AutoDL?BundleId=45824

gerbil 216 Industrious Poster

And a couple of other things you could do.. GMER originally put up a blue screen error of PFN_LIST_CORRUPT... now that would have been caused by a driver [the rootkit?] accessing the page frame list incorrectly or trying to lock its physical memory range so that it stayed resident [exactly what error occurred would be indicated by the parameters given with the error code]. Run Driver Verifier with these settings:
Go Start, Run, and enter:
verifier
Ensure 'Create Standard Setting' is selected, hit next;
Click on 'Automatically select all drivers installed on this computer' and hit Finish;
Reboot.
And chatting with PP, it might be an idea to try TDSSKiller because of the prevalence recently of that rootkit type:
==Download tdsskiller from this link, save it to your desktop:
http://support.kaspersky.com/downloads/utils/tdsskiller.exe -you may need to download it to a clean computer and then transfer it to the desktop using a USB flash drive.
Start TDSSKiller via this command, NOT the icon:
"%userprofile%\desktop\tdsskiller.exe" -l C:\tdssrpt.txt <==paste this into Start, Run...
- click Scan. If TDSSKiller finds a rootkit and prompts a Cure then press Continue [a reboot may be required]; press Continue also on Skip prompt. Do not delete or quarantine any files.
Post the log from C:\.

gerbil 216 Industrious Poster

Argghh.. because of the way it was structured, I was wondering if you were meaning to have a shutdown -r in there to test phillies.exe... and somehow was thinking of the path %systemroot%, not %systemdrive%. Why don't these machines understand that and adjust for it?

gerbil 216 Industrious Poster

That worked just fine, Eagle. Apart from the connection problem could you give a rundown of your symptoms?
Run these tools, post their logs also, please.
==Download DDS by sUBs and save it to your Desktop. http://download.bleepingcomputer.com/sUBs/dds.scr
Upon completion, a Dialog Box should open instructing you to save and post the TWO resulting logs (DDS.txt & Attach.txt).
Paste both the DDS.txt and the DDS Attach.txt into your post for assistance.
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
=Dclick that file, mbam-setup.exe, to install the application,
-ensure that it is set to update and start, else start it via the icon, and UPDATE it.
Select "Perform QUICK Scan", then click Scan; the application will guide you through the remaining steps.
ENSURE that EVERYTHING found has a CHECKMARK against it, then click Remove Selected.
If malware has been found [and removed] MBAM will automatically produce a log for you when it completes... do not click the Save Logfile button.
Examine the log: if some files are listed as Delete on Reboot then restart your machine before continuing.
Copy and post that log [it is also saved under Logs tab in MBAM].

gerbil 216 Industrious Poster

Thing is, fin, I have no way to trap these things on your sys... memory management will not place the pages at the same physical addresses each time they run. The launching process is not evident.
!!!!!!!!!!!Hidden driver: 00000102
Loaded from:
Address: 0x86F2328A
Size: 3446 bytes

==============================================
>Stealth

Unknown page with executable code
Address: 0x86F243CC
Size: 3124

Unknown page with executable code
Address: 0x86F2328A
Size: 3446

Unknown page with executable code
Address: 0x86F29143
Size: 3773

Try downloading and running GMER again:
==Download gmer.zip from http://www.majorgeeks.com/GMER_d5198.html ...or the exe from http://www.gmer.net/download.php - it will have some obscure name.
-dclick on gmer.zip and unzip the file to its own folder or to your desktop.
-disconnect from the Internet and close all running programs.
-dclick the .exe to start it; wait for the initial scan to complete [a few seconds]. Press the Copy button, open Notepad and paste into it.
-Then, if you did NOT get a warning at startup about rootkit activity, uncheck all drives but your systemdrive in the drives section; click the Scan button and wait for the scan to finish (do not use your computer during the scan); again press the Copy button, paste also into that Notepad.
-please post that log.

gerbil 216 Industrious Poster

Catalana, PP is not available atm. To save him/you some time I have taken the liberty of rearranging his zipped batch file to present further information re explorer.exe in your sys. Could you extract the .bat file from the attached zip, run it and post peek.txt as before?

gerbil 216 Industrious Poster

Which version of Java do you have loaded? Latest is Vsn 6 - 23.
"i tried to reinstall but doesn't work." Do you get an error message? What?
Go control panel > java > update, & press update now. Next go into control panel again, add/remove pgms and remove all old versions of java. Finally...
JavaRa: http://sourceforge.net/projects/javara/files/javara/JavaRa/JavaRa.zip/download ; Unzip, and dclick JavaRa.exe. In the box that pops press Remove Older Versions. That will remove remnants that the uninstallation process leaves behind.

gerbil 216 Industrious Poster

I am not talking about any other application, only this site, this thread.
Surely you can see the two buttons at the very foot of this shot?

gerbil 216 Industrious Poster

"I do not believe that a firewall will prevent receipt of virus or trojan messages."... Nope. Those you "invite" in, although mostly unintentionally.
"What they will do is to prevent installed malware transmitting unauthorised data"... Well, maybe. A firewall is of little use if it accepts the sending process is one from a white list ie.. the malware has infected a known process and taken it over. A firewall must operate in conjunction with a system monitor and the user. When installing software the user either tells the firewall that the installer is trusted else he monitors every single change an installer makes. When that new application runs he then again either tells the firewall its processes are trusted, else he monitors everything that starts/opens.
Try Comodo... or one other of its ilk. Comodo will either drive you nuts or you will appreciate what it does for you and you will then use it properly and correctly. Safety follows.

gerbil 216 Industrious Poster

So you backed up your files to a folder on your desktop, then reinstalled Windows to that same drive without formatting it. Fine. It is one risky backup method, should be safe, may not be... this is windows.
Anyway, a new version of Windows, a new User. May even be the same name you used before, but to Windows you are a hash, and with the possibilities available in a 128? bit hash, you are not known as the User of old. You must take ownership of the old user's files [know that his desktop is a folder inside his Docs n Setts folder].
User profiles are given a unique Security Identifier. So even if on a new installation you create a user with the same name the account will not have the same SID. My Documents folder is a special Windows folder; it is related to the owner by SID. You can take possession of it [if XP Pro] by using the Security tab in Properties. If XP Home Edition then to get the Security tab to show on folders you must start in Safe mode, log on with an account that has administrative rights. Access to the Security tab is required in order to change security permissions. Rclick a folder on the drive, select properties, > security tab, > advanced tab, click owner, click edit, click your user name in the list [or Administrator if you logged in as such] and check Replace owner on subcontainers …
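The SID point above can be made visible, and the ownership change scripted, from PowerShell. This is an added example, not code from the thread; it assumes a Vista-or-later session with takeown and icacls available, an elevated prompt, and that the old profiles still sit under the XP-style path held in $ProfileRoot. It goes a little beyond the post: rather than one folder, it lists every profile folder whose owner SID no longer maps to any account on the new installation.

```powershell
# Added example (not from the thread): list profile folders whose owner SID is
# orphaned (the account existed only on the previous installation) and, when
# $Apply is set, take ownership of them for the current user.
# Assumptions: elevated session; takeown.exe/icacls.exe present (Vista+);
# $ProfileRoot is the old XP profile root on the reused drive.

$ProfileRoot = 'C:\Documents and Settings'
$Apply = $false   # leave $false for a dry run that only reports

function Get-ProfileFolderOwners {
    param([string]$Root)
    $mySid = ([Security.Principal.WindowsIdentity]::GetCurrent()).User.Value
    foreach ($dir in Get-ChildItem -Path $Root -Directory -Force -ErrorAction SilentlyContinue) {
        try {
            $owner = (Get-Acl -Path $dir.FullName).GetOwner([Security.Principal.SecurityIdentifier])
        } catch { continue }   # access denied until ownership is taken; skip for now
        # Translate() throws IdentityNotMappedException when no account on this
        # installation carries that SID - the "same name, different SID" case.
        $resolved = $true
        try { $null = $owner.Translate([Security.Principal.NTAccount]) } catch { $resolved = $false }
        [pscustomobject]@{
            Path     = $dir.FullName
            OwnerSid = $owner.Value
            Resolves = $resolved
            IsMine   = ($owner.Value -eq $mySid)
        }
    }
}

function Set-FolderOwnerToCurrentUser {
    param([string]$Path)
    # Recursively make the current user the owner, then grant full control so the
    # files are usable; /D Y answers takeown's "take ownership of denied folders" prompt.
    & takeown.exe /F $Path /R /D Y | Out-Null
    & icacls.exe $Path /grant "$($env:USERNAME):(OI)(CI)F" /T | Out-Null
}

$orphans = Get-ProfileFolderOwners -Root $ProfileRoot | Where-Object { -not $_.Resolves }
$orphans | Format-Table -AutoSize
if ($Apply) {
    foreach ($o in $orphans) { Set-FolderOwnerToCurrentUser -Path $o.Path }
}
```

The same ownership step is what the Security tab > Advanced > Owner sequence in the post performs by hand; the script simply does it for every orphaned profile at once.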