Many many thanks for your help. I've not worked out how to do the neat quotes yet but here are my responses to your points
"I suppose you can't even access the Windows Events logs or any other info in your computer that could help us to help you..."
I can open 'eventvwr.msc' using 'run' in the task manager. I then have about 2 minutes before RPC is killed and the NTAuthority close-down sequence starts. But while I can see the log list views I can't open the properties windows.
Certainly Avast is throwing up a whole sequence of error alerts (id 90) in the antivirus log
"Can you boot from another computer having this 'problematic' HD installed as a slave drive, scan it with a-squared, ewido, avast, etc.?"
This is really what I've done. I plugged in an Adaptec 2940 and hooked on a SCSI hard drive. I then set the boot sequence to launch from the SCSI but all the other dives are still here and visible. But I don't know how to look at - let alone edit - the registry of the infected OS
I don't know how to change these setting to 'Restart Services'
Really I think this will be a workaround. RPC is a completely necessary Windows service. I think this 'restart' won't even work... It can't fail at the first.
So, better will be trying to solve the problem (why is it crashing...) and not just 'set to restart' the service.
I totally agree. But, if the service was restarted it might give us more time to find the culprit