3 malware programs - Digital Protection, Antimalware Doctor, Win 7 Defender Pro

I believe I went to a bad direct download server and suddenly I have all these pop-ups from the following 3 malware:

Digital Protection
Antimalware Doctor
Win 7 Defender Pro

I tried Trend Micro Housecall, did not remove the programs
I tried to install Malwarebytes' Anti-malware, I can't install even after I rename the exe

Can anyone help me remove these buggers? They are really frustrating me..

I am currently running Combofix b/c I saw it in one of the threads in this forum. It wasn't until after I started to run it when I saw a warning saying that Combofix is extremely powerful and I shouldnt be running it unless some skilled person advised me to... really sorry, I should have read the forum rules before I began this process... I guess I was too hasty in my desperateness to get rid of these malware...

I will post up the log regardless after it finishes running..

ANY HELP WILL BE GREATLY APPRECIATED!! THANKS!!

Last edited by yiujun on 12th April 2010, 8:17 am; edited 1 time in total

Combofix log:

ComboFix 10-04-11.03 - SHIP 12/04/2010 0:25.1.2 - x86 NETWORK
Microsoft Windows 7 Starter 6.1.7600.0.1252.2.1033.18.1014.658 [GMT -7:00]
Running from: c:\users\SHIP\Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\fiosejgfse.dll
c:\users\SHIP\AppData\Local\ave.exe
c:\users\SHIP\AppData\Local\Microsoft\Windows\Temporary Internet Files\86j2v4Kw.jpg
c:\users\SHIP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Rnbq4DF.jpg
c:\users\SHIP\AppData\Local\Microsoft\Windows\Temporary Internet Files\WxS5WTS.jpg
c:\users\SHIP\AppData\Local\Microsoft\Windows\Temporary Internet Files\xDMHgl7.jpg
c:\users\SHIP\AppData\Roaming\564DD75DA3A3473B90719D1A47B6CA63
c:\users\SHIP\AppData\Roaming\564DD75DA3A3473B90719D1A47B6CA63\enemies-names.txt
c:\users\SHIP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
c:\users\SHIP\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk
c:\users\SHIP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor
c:\users\SHIP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\users\SHIP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
c:\users\SHIP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk
c:\users\SHIP\Desktop\Antimalware Doctor.lnk
c:\users\SHIP\FAVORI~1\_favdata.dat
c:\users\SHIP\Favorites\_favdata.dat
c:\users\SHIP\reader_s.exe
c:\windows\system32\Thumbs.db
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

.
((((((((((((((((((((((((( Files Created from 2010-03-12 to 2010-04-12 )))))))))))))))))))))))))))))))
.

2010-04-12 07:35 . 2010-04-12 07:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-12 06:36 . 2010-04-12 06:36 -------- d-----w- c:\users\SHIP\AppData\Local\ElevatedDiagnostics
2010-04-12 06:32 . 2010-04-12 07:21 182272 --sha-w- c:\users\SHIP\AppData\Local\2664644969.dll
2010-03-31 01:12 . 2010-02-23 07:56 977920 ----a-w- c:\windows\system32\wininet.dll
2010-03-17 07:14 . 2010-04-12 04:43 -------- d-----w- c:\users\SHIP\AppData\Roaming\vlc
2010-03-17 07:12 . 2010-03-17 07:12 -------- d-----w- c:\program files\VideoLAN

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-17 08:32 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2010-03-17 08:32 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Photo Viewer
2010-03-17 08:32 . 2009-07-14 04:52 -------- d-----w- c:\program files\DVD Maker
2010-03-17 08:32 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-03-17 08:32 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Defender
2010-03-17 04:03 . 2009-11-10 23:25 -------- d-----w- c:\programdata\Microsoft Help
2010-03-01 08:15 . 2010-03-01 08:16 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-01 08:15 . 2010-03-01 08:15 -------- d-----w- c:\program files\Java
2010-02-19 06:34 . 2010-02-19 06:34 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-18 11:51 . 2010-02-13 22:46 79136 ----a-w- c:\users\SHIP\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-18 05:58 . 2009-11-10 23:28 -------- d-----w- c:\program files\Microsoft Works
2010-02-14 07:13 . 2010-02-13 22:49 -------- d-----w- c:\program files\Windows Live
2010-02-13 23:14 . 2010-02-13 23:11 -------- d-----w- c:\users\SHIP\AppData\Roaming\Apple Computer
2010-02-13 23:13 . 2010-02-13 23:06 -------- d-----w- c:\programdata\Apple
2010-02-13 23:11 . 2010-02-13 23:10 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-02-13 23:11 . 2010-02-13 23:10 -------- d-----w- c:\program files\iTunes
2010-02-13 23:10 . 2010-02-13 23:10 -------- d-----w- c:\program files\iPod
2010-02-13 23:10 . 2010-02-13 23:06 -------- d-----w- c:\program files\Common Files\Apple
2010-02-13 23:10 . 2010-02-13 23:08 -------- d-----w- c:\programdata\Apple Computer
2010-02-13 23:09 . 2010-02-13 23:09 -------- d-----w- c:\program files\Bonjour
2010-02-13 23:09 . 2010-02-13 23:08 -------- d-----w- c:\program files\QuickTime
2010-02-13 23:08 . 2010-02-13 23:08 -------- d-----w- c:\program files\Apple Software Update
2010-02-13 23:02 . 2010-02-13 23:01 16265732 ----a-w- c:\users\SHIP\AppData\Roaming\Asus\ASUS Vibe\ASUSVibeSetup.exe
2010-02-13 23:01 . 2010-02-13 23:01 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-02-13 23:00 . 2010-02-13 23:00 -------- d-----w- c:\users\SHIP\AppData\Roaming\Asus
2010-02-13 22:57 . 2009-11-10 23:45 -------- d-----w- c:\programdata\Trend Micro
2010-02-13 22:56 . 2010-02-13 22:56 -------- d-----w- c:\programdata\GoBoingo
2010-02-13 22:56 . 2010-02-13 22:56 -------- d-----w- c:\program files\Boingo
2010-02-13 22:56 . 2009-11-10 23:24 -------- d-----w- c:\program files\ASUS
2010-02-13 22:56 . 2010-02-13 22:56 520192 ----a-w- c:\windows\system32\Eee PC 1005P Series.scr
2010-02-13 22:53 . 2010-02-13 22:50 -------- d-----w- c:\program files\Microsoft
2010-02-13 22:52 . 2010-02-13 22:52 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-02-13 22:51 . 2010-02-13 22:51 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-02-13 22:49 . 2010-02-13 22:49 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-02-13 22:47 . 2010-02-13 22:47 -------- d-----w- c:\program files\Common Files\Windows Live
2010-02-02 07:45 . 2010-02-25 03:07 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-23 03:51 . 2010-01-23 03:51 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-18 23:29 . 2010-02-14 21:33 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-14 21:33 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-14 21:33 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-14 21:33 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-14 21:33 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-14 21:33 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-14 21:33 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-14 21:33 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2009-06-10 21:23 278864 ----a-w- c:\windows\System32\mscoree.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2009-06-10 21:23 278864 ----a-w- c:\windows\System32\mscoree.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-11-11 3058304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-11-17 414384]
"LiveUpdate"="AsusSender.exe" [2009-09-11 33768]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"HotkeyMon"="AsusSender.exe" [2009-09-11 33768]
"HotkeyService"="AsusSender.exe" [2009-09-11 33768]
"SuperHybridEngine"="AsusSender.exe" [2009-09-11 33768]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-07-20 83240]
"LivCam"="c:\program files\ASUS\LivCam\LivCam.exe" [2009-10-17 284160]
"EeeStorageBackup"="c:\program files\ASUS\Asus WebStorage\BackupService.exe" [2009-08-25 947472]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Security\VizorHtmlDialog.exe" [2009-10-14 628016]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2009-10-14 116008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-05 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
"OOBESetup"="c:\program files\asus\OOBERegBackup\OOBERegBackup.exe" [2009-09-30 338096]
"Boingo Wi-Fi"="c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-02-13 2429]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-01 149280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-07-06 11448]
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]
R2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Asus\Game Park\GameConsole\OberonGameConsoleService.exe [2009-09-15 44312]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2009-10-14 52752]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://asus.msn.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
FF - ProfilePath - c:\users\SHIP\AppData\Roaming\Mozilla\Firefox\Profiles\8a09sluv.default\
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKLM-RunOnce- - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1612)
c:\program files\ASUS\Asus WebStorage\LogicNP.EZShellExtensions.dll
c:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
.
Completion time: 2010-04-12 00:39:44
ComboFix-quarantined-files.txt 2010-04-12 07:39

Pre-Run: 77,137,182,720 bytes free
Post-Run: 77,311,307,776 bytes free

- - End Of File - - CE70294F1AFD3476829ACC0A6664A1A5

THANKS IN ADVANCE!

You aren't running Anti Virus Software

Please install Avira antivirus otherwise you won't be protected.

1) Antivir PersonalEditionClassic
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?

Hi,

Since yesterday night I have downloaded Avira to protect my computer.

The machine has been running fine every since I ran Combofix. No popups or anything at all. I also ran Malwarebytes' Anti-malware and got rid of some Digital Protection malware files. I will check the programs list again on my machine to ensure that everything was cleared out.

I guess I was lucky with Combofix - I was so worried after I found out that I shouldn't be running it without supervision. Lesson learned!

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

• Check (tick) this box: YES, I accept the Terms of Use.
  
• Click on the Start button next to it.
  
• When prompted to run ActiveX. click Yes.
  
• You will be asked to install an ActiveX. Click Install.
  
• Once installed, the scanner will be initialized.
  
• After the scanner is initialized, click Start.
  
• Check (tick) Remove found threats box.
  
• Check (tick) Scan unwanted applications.
  
• Click on Scan.
  
• It will start scanning. Please be patient.
  
• Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.