After MSE removed virus have unusual log messages


  1. Posts : 27
    Windows 7 Pro x64
       #1


    A few days ago I had trouble with backup, and it was due to an infected file which quick scans and real time protection had not picked up. I ran a full scan with MSE and removed it (Exploit:Java/CVE-2012-1723.AQQ).

    I've noticed some unusual entries in the log and wonder if the virus
    has not been removed. More details:

    I notice now, each time I boot up, the following appears:

    Log Name: System
    Source: Microsoft Antimalware
    Date: 7/10/2012 8:55:11 a.m.
    Event ID: 3007
    Task Category: None
    Level: Information
    Keywords: Classic
    User: N/A
    Computer: Bill-PC
    Description:
    Microsoft Antimalware Real-time Protection has restarted a feature. It is recommended that you run a full system scan to detect any items that may have been missed while this agent was down.
    Feature: Network Inspection System
    Reason: Real-time protection has recovered from an unknown failure. It is recommended that you run a quick scan.

    Quick scan finds nothing.

    Also after the last MSE update, I found this in the same log

    Log Name: System
    Source: Microsoft Antimalware
    Date: 6/10/2012 11:35:58 p.m.
    Event ID: 5007
    Task Category: None
    Level: Information
    Keywords: Classic
    User: N/A
    Computer: Bill-PC
    Description:
    Microsoft Antimalware Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
    Old value: HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\TemporaryPaths\\\?\C:\Users\Bill\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\60e9d0b7-3a1207a1 = 0x5A
    New value:

    This is referring to where it found the virus. Had the virus set up that exclusion, and has MSE now 'realized' this and removed it?

    Also my machine has regularly displayed this error in the Administrative log, source: Kernel-EventTracing, event ID 3:
    Session "Microsoft Security Client OOBE" stopped due to the following error: 0xC000000D

    Thanks.
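An added example, not part of the original post or of MSE itself, for checking the two things asked about above: what the Microsoft Antimalware 3007/5007 events actually say, and which exclusions MSE still has configured after the 5007 "configuration changed" event. The registry key and the event IDs are the ones quoted in the post; the function names and the "suspect" path pattern (anything under a user profile, a Temp folder or the Java deployment cache) are my own assumptions. It is written for the PowerShell 2.0 that ships with Windows 7 and should be run from an elevated prompt.

```powershell
# Added example (not from the thread): list MSE events 3007/5007 and the
# exclusion lists MSE honours, so a 5007 event can be matched against what
# is still excluded. PowerShell 2.0 compatible; run elevated.

function Get-MseEvent {
    # 3007 = real-time protection restarted a feature
    # 5007 = configuration changed (e.g. an exclusion added or removed)
    param([int[]]$Id = @(3007, 5007), [int]$Max = 50)
    $filter = @{ LogName = 'System'; ProviderName = 'Microsoft Antimalware'; Id = $Id }
    Get-WinEvent -FilterHashtable $filter -MaxEvents $Max -ErrorAction SilentlyContinue |
        Sort-Object TimeCreated |
        ForEach-Object {
            $lines = $_.Message -split "`r?`n"
            New-Object PSObject -Property @{
                Time   = $_.TimeCreated
                Id     = $_.Id
                # First message line is the summary; Feature/Reason/Old value/New value follow it.
                Detail = (($lines | Where-Object { $_ -match '^(Feature|Reason|Old value|New value):' }) -join ' | ')
            }
        }
}

function Get-MseExclusion {
    # Each value name under these keys is an excluded path, process or extension;
    # the value data is a flag (0x5A in the event quoted in the post). An exclusion
    # pointing into a user profile, a Temp folder or the Java deployment cache is
    # not something an administrator normally configures (assumed heuristic).
    $root = 'HKLM:\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions'
    foreach ($list in 'Paths', 'TemporaryPaths', 'Processes', 'Extensions') {
        $key = Join-Path $root $list
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, ... added by the provider
            New-Object PSObject -Property @{
                List      = $list
                Exclusion = $prop.Name
                Flag      = ('0x{0:X}' -f [int]$prop.Value)
                Suspect   = [bool]($prop.Name -match '\\Users\\|\\Temp\\|\\Java\\Deployment\\cache\\')
            }
        }
    }
}

Get-MseEvent     | Format-Table Time, Id, Detail -AutoSize -Wrap
Get-MseExclusion | Format-Table List, Exclusion, Flag, Suspect -AutoSize
```

If the second table is empty, the exclusion in the 5007 event is gone, which is consistent with MSE having removed a temporary exclusion rather than something adding one. Any row with Suspect set to True is worth removing by hand and then re-running a full scan.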


  2. Posts : 3,822
    Windows10 Pro - 64Bit vs.10547
       #2

    - try this:
    What is Windows Defender Offline?

    NB. read the instructions carefully..

    I did the full scan after pulling the plug on the internet, and booting in safe mode..
    seems to work really well, it takes quite a while to do the scouring, so be patient..

    it sounds as though it's one of those "drive-by" trojans, they often compromise your AV/Firewall settings,
    - so get those repaired, as soon as you've removed all traces of the trojan's dropper..


  3. Posts : 27
    Windows 7 Pro x64
    Thread Starter
       #3

    Hi BugMeister, I created a Windows Defender Offline CD using my XP machine, which has had a clean scan. I used it to scan my Win 7 machine which had the problem. I had the Win 7 machine disconnected from the internet while I did this, but was given no option to boot from the CD in safe mode; in fact Windows Defender Offline gave me no options, and ran a quick scan automatically. I then ran a full scan using it. Both report a clean machine.

    However I'm still getting message ID 3007 and ID 3 as I first mentioned.

    How do I check and repair AV/Firewall settings? (Windows Firewall and MSE).

    Thanks.
    PS - I downloaded MSE again from Microsoft, and reinstalled it. Still getting the same
    messages. Also, a few times now after doing the Windows Defender scan, my machine goes into slow motion. If I reboot it comes right again.
    PPS - I ran sfc /scannow at a command prompt boot from the tutorial, and got "windows resource protection did not find any integrity violations"
    Last edited by baritompa; 07 Oct 2012 at 21:06. Reason: More info


  4. Posts : 3,822
    Windows10 Pro - 64Bit vs.10547
       #4

    - did you set up the PC to boot from the CD..?
    - it's a BIOS setting - check your motherboard manual for instructions

    - leave the CD in the machine during the boot-up process, and it will start its scan automatically..

    - when the full scan is finished - it takes a while to complete - you can re-set the Boot option to run from the Hard drive as normal..

    - patience is the key - so make a cup of tea while it does its scouring operation..


  5. Posts : 19,383
    Windows 10 Pro x64 ; Xubuntu x64
       #5

    It looks likely that you have a Java exploit, related to an old version of Java not being updated:

    The rise of a new Java vulnerability - CVE-2012-1723 - Microsoft Malware Protection Center - Site Home - TechNet Blogs

    After the scan recommended by BugMeister, you should completely uninstall all versions of Java, and consider leaving it off your system if you don't need it.

    Regards,
    Golden


  6. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #6

    Clean up the Java infection .... download TFC by Old Timer TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums and save it to your desktop.
    Save any unsaved work. TFC will close ALL open programs including your browser!
    Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
    Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
    Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

    After rebooting, update Java:

    Update Java:
    • Download the latest version of Java Runtime Environment (JRE) 7u7.
      Java SE Downloads
    • Scroll over to the right (JRE)
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-7u7-windows-i586-p.exe to install the newest version.


  7. Posts : 27
    Windows 7 Pro x64
    Thread Starter
       #7

    BugMeister said:
    - did you set up the PC to boot from the CD..?
    - it's a BIOS setting - check your motherboard manual for instructions

    - leave the CD in the machine during the boot-up process, and it will start its scan automatically..

    - when the full scan is finished - it takes a while to complete - you can re-set the Boot option to run from the Hard drive as normal..

    - patience is the key - so make a cup of tea while it does its scouring operation..
    Hi BugMeister, Yes, Windows Defender Offline booted and ran from the CD. (My comment was that I couldn't boot from the CD in safe mode, but my understanding of Windows Defender Offline is that it runs before Windows boots up.) I used F12 and selected the CD/DVD drive to boot from; the scan did start immediately but was a quick scan which didn't take long. That evening I repeated the procedure, but when the quick scan started, I stopped it, and selected full scan. Then went to bed! In the morning it reported no problems. Yet I'm still getting the information message ID 3007.


  8. Posts : 27
    Windows 7 Pro x64
    Thread Starter
       #8

    Thanks Golden and Jacee, Yes I realized I was hit by the Java exploit CVE-2012-1723. I ran TFC and I've uninstalled the Java that shows as installed from the control panel (Java 1.7.0_07 and JavaFX 2.1.1).

    I'm still getting message ID 3007 from the antimalware log. And also the machine now seems to take a longer time to shut down.

    Before I uninstalled I looked at the Java control panel - it only showed the one JRE, but when I searched for more JREs it found one in MATLAB. MATLAB documentation says it comes with its own JVM and that it may not work with another version, so I've left that on the machine.
    1.6 1.6.0 http://java.sun.com/products/autodl/j2se C:\Program Files\MATLAB\R2007b\uninstall\java\jre\win64\jre\bin\javaw.exe
    1.6 1.6.0 http://java.sun.com/products/autodl/j2se C:\Program Files\MATLAB\R2007b\sys\java\jre\win64\jre1.6.0\bin\javaw.exe
    Last edited by baritompa; 08 Oct 2012 at 18:36. Reason: More Info
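An added example, not part of the thread or of any of the tools mentioned in it, that covers two points raised above: Jacee's step of removing every Java version listed in Add/Remove Programs (post #6), and baritompa's finding that a product can bundle its own JRE (the MATLAB copy in post #8) which never appears there. It inventories Java three ways: the Uninstall registry keys that Add/Remove Programs is built from, java.exe/javaw.exe binaries found under Program Files, and the per-user Java deployment cache directory where MSE found the exploit file. The function names and the choice of search roots are my assumptions; it is written for PowerShell 2.0 on 64-bit Windows 7 and should be run from an elevated prompt.

```powershell
# Added example (not from the thread): inventory every Java runtime on the box,
# including ones bundled inside other products, and size the deployment caches.
# PowerShell 2.0 compatible; run elevated so all user profiles are readable.

function Get-JavaFromUninstallKeys {
    # Add/Remove Programs on 64-bit Windows is built from both of these keys.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match '^(Java|J2SE|JavaFX)' } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Source  = 'Add/Remove Programs'
                Name    = $_.DisplayName
                Version = $_.DisplayVersion
                Path    = $_.InstallLocation
            }
        }
}

function Get-JavaBinaries {
    # A runtime shipped inside another product (MATLAB in the post) shows up
    # here but not in the Uninstall keys. Search roots are an assumption.
    param([string[]]$Roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}))
    foreach ($root in ($Roots | Where-Object { $_ -and (Test-Path $_) })) {
        Get-ChildItem -Path $root -Recurse -Include 'java.exe', 'javaw.exe' -ErrorAction SilentlyContinue |
            ForEach-Object {
                New-Object PSObject -Property @{
                    Source  = 'On disk'
                    Name    = $_.Name
                    Version = $_.VersionInfo.ProductVersion   # version embedded in the executable
                    Path    = $_.FullName
                }
            }
    }
}

function Get-JavaDeploymentCache {
    # The exploit quoted in post #1 lived under this path in one user's profile;
    # check every profile, not just the one you are logged on as.
    $users = Join-Path $env:SystemDrive 'Users'
    Get-ChildItem -Path $users -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer } |
        ForEach-Object {
            $dir   = $_
            $cache = Join-Path $dir.FullName 'AppData\LocalLow\Sun\Java\Deployment\cache'
            if (Test-Path $cache) {
                $files = Get-ChildItem -Path $cache -Recurse -ErrorAction SilentlyContinue |
                         Where-Object { -not $_.PSIsContainer }
                New-Object PSObject -Property @{
                    User   = $dir.Name
                    Files  = @($files).Count
                    SizeMB = [math]::Round((($files | Measure-Object Length -Sum).Sum / 1MB), 1)
                    Cache  = $cache
                }
            }
        }
}

$inventory = @(Get-JavaFromUninstallKeys) + @(Get-JavaBinaries)
$inventory | Format-Table Source, Name, Version, Path -AutoSize -Wrap
Get-JavaDeploymentCache | Format-Table User, Files, SizeMB, Cache -AutoSize
```

A binary that appears in the "On disk" rows but has no matching "Add/Remove Programs" row is a bundled runtime; whether it matters depends on whether anything exposes it to a browser, which this script does not check. A deployment cache that is still populated after TFC has run is worth clearing by hand before reinstalling Java.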


  9. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #9

    Scan your machine with ESET OnlineScan
    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check
    5. Click the button.
    6. Accept any security warnings from your browser.
    7. Check
    8. Push the Start button.
    9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    10. When the scan completes, push
    11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    12. Push the button.
    13. Push


  10. Posts : 27
    Windows 7 Pro x64
    Thread Starter
       #10

    Hi Jacee, I ran ESET as you suggested, scanning the archives. It scanned C: and D: (my USB drive used for backups, X: and W:, was not plugged in). Reports no problems. When it installed it said it detected MSE and this might affect the ability to scan, but I didn't want to uninstall MSE.

    Before I got your post, I had downloaded Windows Performance Toolkit and used it to look at boot and shutdown performance (as in a tutorial on this site). I noticed a large amount of time was taken accessing my USB backup drive W:. My machine would not let me remove it, saying it was in use by another program, but after that the boot up and shutdown times went back to normal.

    After shutdown, I unplugged it. The boot/shutdown times are still normal. This is when I ran ESET and it gives the all clear. However I'm still getting the information message ID 3007.


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd