Adding some specifics helps with performing the analysis. Symptoms and observations add to the technical picture. Having said that, 'winrpcmx.exe' is toxic... I think I see some potential problems on Hijack
Please see this for instructions:
Temporarily Disable Real Time Monitoring Programs:
- 1 Spybot S&D (Teatimer)
- 2 Ad-Aware Ad-Watch
- 3 Spywareguard
- 4 Windows Defender
- 5 TrojanHunter Guard
- 6 Disable SpySweeper
- 7 WinPatrol
- 8 CounterSpy
- 9 AVG Anti-Spyware (formerly ewido)
- 10 Spyware Doctor
- 11 Prevx
- 12 ProcessGuard
- 13 ZoneAlarm's OS Firewall
- 14 Ad-Aware 2007 Service
Notes from HJT log
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe >> legit
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing) >> legit; .NET Framework 2.0
O17 - HKLM\System\CCS\Services\Tcpip\..\{71C0CF67-E26B-47B3-B376-093FFAC27E67}: NameServer = 192.168.1.0
O4 - HKUS\S-1-5-21-625304501-3128334838-1852361277-1010\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'QBDataServiceUser18')
O4 - HKUS\S-1-5-18\..\Run: [WinRPCX] C:\WINDOWS\system32\winrpcmx.exe (User 'SYSTEM') >> X
O4 - HKUS\.DEFAULT\..\Run: [WinRPCX] C:\WINDOWS\system32\winrpcmx.exe (User 'Default user') >> X
... Having said that, 'winrpcmx.exe' is toxic.
Here is some reading for you: Trojan - online banking credentials
File::
c:\windows\system32\4scj05bs.exe
c:\windows\system32\72NE7O0l.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At49.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark_X79-55]
c:\windows\system32\lsasss.exe [N/A]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SManager]
smanager.7.exe [N/A]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinRPC]
winrpcmx.exe [N/A]
O4 - HKUS\S-1-5-18\..\Run: [WinRPCX] C:\WINDOWS\system32\winrpcmx.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [WinRPCX] C:\WINDOWS\system32\winrpcmx.exe (User 'Default user')
R3 - URLSearchHook: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
O2 - BHO: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
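An added example, not part of the original post: a Python parser for the O4 Run-key lines quoted in the log notes above. It folds HKUS\.DEFAULT into S-1-5-18, because .DEFAULT is an alias of the LocalSystem hive, so the two WinRPCX lines resolve to a single Run value; the function names are hypothetical.

```python
import re

# HijackThis O4 Run entry: O4 - HKUS\<SID>\..\Run: [name] command (User 'account')
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK\w+)(?:\\(?P<owner>[^\\]+))?\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]+)\] (?P<command>.+?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# HKEY_USERS\.DEFAULT is an alias of the LocalSystem hive (S-1-5-18),
# so both spellings describe the same registry value.
OWNER_ALIASES = {".default": "S-1-5-18"}
# Lines copied from the HijackThis log notes in the post above.
SAMPLE_LOG = r"""
O4 - HKUS\S-1-5-21-625304501-3128334838-1852361277-1010\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'QBDataServiceUser18')
O4 - HKUS\S-1-5-18\..\Run: [WinRPCX] C:\WINDOWS\system32\winrpcmx.exe (User 'SYSTEM') >> X
O4 - HKUS\.DEFAULT\..\Run: [WinRPCX] C:\WINDOWS\system32\winrpcmx.exe (User 'Default user') >> X
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe >> legit
"""

def parse_o4(line):
    """Return the fields of one O4 Run entry, or None for any other line."""
    line = line.split(" >> ")[0].strip()  # drop the helper's ">> X" style notes
    m = O4_RUN.match(line)
    if m is None:
        return None
    entry = m.groupdict()
    owner = entry["owner"] or ""
    entry["owner"] = OWNER_ALIASES.get(owner.lower(), owner)
    return entry

def unique_autoruns(log_text):
    """Map (owner, key, name, command) -> account labels HijackThis printed."""
    seen = {}
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        ident = (entry["owner"], entry["key"], entry["name"],
                 entry["command"].lower())
        seen.setdefault(ident, []).append(entry["user"])
    return seen

def system_autoruns(log_text):
    """Names of Run values that start from the LocalSystem hive."""
    return sorted({name for (owner, _, name, _) in unique_autoruns(log_text)
                   if owner == "S-1-5-18"})

if __name__ == "__main__":
    for ident, users in unique_autoruns(SAMPLE_LOG).items():
        print(ident, "reported as", users)
```

Removing the value once from the LocalSystem hive clears both lines in a rescan, which is a quick check that the entry was actually deleted.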