HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
Winsock: Catalog9 01 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
Winsock: Catalog9 02 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
Winsock: Catalog9 03 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
Winsock: Catalog9 04 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
Winsock: Catalog9 16 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{304cf092-7adc-f7f9-ba12-0fc39a8686d9}\ \...\???\{304cf092-7adc-f7f9-ba12-0fc39a8686d9}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
C:\Users\Bransons\AppData\Local\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install
DeleteJunctionsInDirectory: C:\Program Files\Windows Defender
DeleteJunctionsInDirectory: C:\Program Files\Microsoft Security Client
DeleteJunctionsIndirectory: C:\Windows\system64
cmd: Dir /b /a:l "C:\Program Files" /s