ComboFix Log:
ComboFix 14-09-24.01 - Joe 09/25/2014 17:17:58.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3982.1892 [GMT -4:00]
Running from: c:\users\Joe\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Joe\AppData\Local\Microsoft\Windows\Temporary Internet Files\7576AccountantCenter.html
c:\users\Joe\AppData\Local\Microsoft\Windows\Temporary Internet Files\ac.css
c:\users\Joe\AppData\Local\Microsoft\Windows\Temporary Internet Files\ac.js
c:\users\Joe\AppData\Local\Microsoft\Windows\Temporary Internet Files\close_pop.png
c:\users\Joe\AppData\Local\Microsoft\Windows\Temporary Internet Files\jq.css
c:\users\Joe\AppData\Local\Microsoft\Windows\Temporary Internet Files\jquery.corner.js
c:\users\Joe\AppData\Local\Microsoft\Windows\Temporary Internet Files\jquery.min.js
c:\users\Joe\AppData\Local\Microsoft\Windows\Temporary Internet Files\qbw.css
c:\users\Joe\AppData\Local\TapTap
c:\users\Joe\AppData\Local\TapTap\score.xml
c:\windows\Fonts\USPSIMBStandard.ttf
.
.
((((((((((((((((((((((((( Files Created from 2014-08-25 to 2014-09-25 )))))))))))))))))))))))))))))))
.
.
2014-09-25 21:24 . 2014-09-25 21:24 -------- d-----w- c:\users\Remote Login\AppData\Local\temp
2014-09-25 21:24 . 2014-09-25 21:24 -------- d-----w- c:\users\QBDataServiceUser24\AppData\Local\temp
2014-09-25 21:24 . 2014-09-25 21:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-25 13:48 . 2014-09-25 13:48 -------- d-sh--w- c:\users\Joe\AppData\Local\EmieUserList
2014-09-25 13:48 . 2014-09-25 13:48 -------- d-sh--w- c:\users\Joe\AppData\Local\EmieSiteList
2014-09-25 13:34 . 2014-09-25 13:54 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-09-25 12:51 . 2014-09-25 12:51 -------- d-----w- c:\programdata\PDFC
2014-09-24 05:45 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-24 05:45 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-23 06:47 . 2014-09-23 06:47 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C2F961B9-F9BF-492D-A664-4849B233EE46}\offreg.dll
2014-09-23 06:46 . 2014-09-09 02:05 11578928 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C2F961B9-F9BF-492D-A664-4849B233EE46}\mpengine.dll
2014-09-16 01:24 . 2014-09-16 01:24 -------- d-----w- c:\program files (x86)\ESET
2014-09-15 19:06 . 2014-09-15 19:21 -------- d-----w- c:\programdata\Recovery
2014-09-15 17:06 . 2014-09-25 21:16 -------- d-----w- c:\users\QBDataServiceUser24.JOE
2014-09-14 07:14 . 2014-09-14 07:14 -------- d-----w- c:\windows\Migration
2014-09-12 14:23 . 2014-09-12 14:23 -------- d-----w- C:\PROJECTTEMPLATESROOT
2014-09-12 14:01 . 2014-09-12 14:01 -------- d-----w- c:\program files (x86)\Common Files\Nuance
2014-09-12 14:01 . 2014-09-12 14:01 -------- d-----w- c:\programdata\Nuance
2014-09-11 14:48 . 2014-09-25 13:34 128728 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-11 07:01 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-11 07:01 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-10 17:01 . 2014-09-10 17:01 -------- d-----w- c:\users\Joe\AppData\Local\Macroplant_LLC
2014-09-10 16:58 . 2014-09-11 14:41 -------- d-----w- c:\program files (x86)\iExplorer
2014-09-10 07:23 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-10 07:23 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-09-10 07:23 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-10 07:23 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-09-10 07:23 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-09-10 07:23 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-10 07:23 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-09-10 07:23 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-09-10 07:23 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-09-10 07:23 . 2014-09-05 02:10 578048 ----a-w- c:\windows\system32\aepdu.dll
2014-09-10 07:23 . 2014-09-05 02:05 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-09-10 02:33 . 2014-09-10 02:33 -------- d-----w- c:\users\Joe\Tracing
2014-08-28 07:58 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-28 07:58 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-28 07:58 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-25 13:34 . 2014-07-15 17:13 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-15 13:06 . 2010-11-21 03:27 278152 ------w- c:\windows\system32\MpSigStub.exe
2014-09-11 14:56 . 2012-12-06 19:10 210944 ----a-w- c:\windows\system32\rdpclip.exe
2014-09-11 07:02 . 2013-02-27 17:56 101694776 ----a-w- c:\windows\system32\MRT.exe
2014-09-02 12:15 . 2011-03-29 02:36 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-07-25 06:35 . 2014-07-25 06:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 03:47 . 2014-07-25 03:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-14 02:02 . 2014-08-12 19:54 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-07-14 01:40 . 2014-08-12 19:54 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-07-09 02:03 . 2014-08-12 19:54 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-07-09 02:03 . 2014-08-12 19:54 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2014-07-09 02:03 . 2014-08-12 19:54 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2014-07-09 02:03 . 2014-08-12 19:54 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2014-07-09 02:03 . 2014-08-12 19:54 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-07-09 01:31 . 2014-08-12 19:54 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31 . 2014-08-12 19:54 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
2014-06-30 22:24 . 2014-08-13 07:01 8856 ----a-w- c:\windows\system32\icardres.dll
2014-06-30 22:14 . 2014-08-13 07:01 8856 ----a-w- c:\windows\SysWow64\icardres.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-21 . E589BCD6041786C5E38E2D223C24C193 . 680960 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll
[-] 2010-11-21 . E589BCD6041786C5E38E2D223C24C193 . 680960 . . [6.1.7601.17514] .. c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2013-01-14 21:12 1020424 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2013-01-14 21:12 1020424 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2013-01-14 21:12 1020424 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2013-01-14 1065480]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2014-06-26 3775800]
.
c:\users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-12-2 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe /Startup [2014-6-26 6306104]
OSR_TinyWeb.lnk - c:\program files (x86)\Intuit\IDN\Common\TinyWeb\TINY.EXE "c:\program files (x86)\Intuit\IDN" 2211 127.0.0.1 [2013-11-7 58880]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2014-6-26 1129288]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2014\QBW32.EXE -silent [2014-6-26 1215816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 QuickBooksDB24;QuickBooksDB24;c:\progra~2\Intuit\QUICKB~3\QBDBMgrN.exe;c:\progra~2\Intuit\QUICKB~3\QBDBMgrN.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 MySQL55;MySQL55;c:\program files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.5\my.ini MySQL55;c:\program files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.5\my.ini MySQL55 [x]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PROCMON23
*Deregistered* - PROCMON23
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-26 c:\windows\Tasks\HPCeeScheduleForJoe.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2013-01-14 21:01 1292808 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2013-01-14 21:01 1292808 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2013-01-14 21:01 1292808 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPSYSDRV"="c:\program files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE" [2008-11-20 62768]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"MFNetworkScanUtility"="c:\program files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE" [2012-09-27 486552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-01-11 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-01-11 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-01-11 441968]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: google.com
Trusted Zone: google.com\local
Trusted Zone: google.com\maps
Trusted Zone: google.com\www
TCP: DhcpNameServer = 167.206.245.135 167.206.245.136
TCP: Interfaces\{C8689D7E-ECE1-4260-9B44-C9B66C606ACC}: DhcpNameServer = 167.206.245.135 167.206.245.136
DPF: {0AD584EB-F10F-46F7-BCB8-1085C386BEAE} - hxxps://merchantaccount.quickbooks.com/recurchrg/IntuitRecurPayCom2009.cab
DPF: {5C709EEC-DDE1-4738-8E57-7564E2637891} - hxxps://merchantaccount.quickbooks.com/sync/QBMASSyncCom1_2009.cab
DPF: {788539E8-002D-4E59-9089-40B694A99C9A} - hxxps://merchantaccount.quickbooks.com/sync/QBMASSyncCom2_2008.cab
FF - ProfilePath - c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\oyv1mqiu.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com/?ei=utf-8&fr=tightropetb&type=11053_091114
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=tightropetb&type=11053_091114&p=
FF - ExtSQL: !HIDDEN! 2013-02-18 13:52; [email protected]; c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix
FF - user.js: plugin.state.npconduitfirefoxplugin - 0
FF - user.js: plugin.state.nptnt - 2
FF - user.js: plugin.state.nptnt - 2
FF - user.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=tightropetb&type=11053_091114&p=
FF - user.js: browser.search.defaultenginename - Yahoo:
FF - user.js: browser.keywordURLPromptDeclined - 1
FF - user.js: browser.startup.homepage - hxxp://search.yahoo.com/?ei=utf-8&fr=tightropetb&type=11053_091114
FF - user.js: browser.startup.page - 1
FF - user.js: browser.newtab.url - file:///c:\users\Joe\AppData\Local\TNT2\2.0.0.1855\pinnedSearch.htm
FF - user.js: browser.newtab.url -
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-tvncontrol - c:\program files (x86)\TightVNC\tvnserver.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{438363A8-F486-4C37-834C-4955773CB3D3} - msiexec
WebBrowser-{8D0BF943-CE38-44DF-A40D-B18FD3C8645B} - (no file)
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL55]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.5\my.ini\" MySQL55"
.
Continued in next post...