My parents' Dell has been incredibly slow, and I've always just chalked it up to age - but today in services.msc I noticed RPC cannot be stopped or disabled, lists every other service as dependencies, and has pretty strict auto-restart settings.
Even in safe mode all this was still true.
Any ideas?
-
If it allowed you to disable the service you'd apparently regret it. Take a look at the following link:
http://www.theeldergeek.com/remote_procedure_call_(rpc).htm
Nobody knows what it does exactly.....surely that is wrong; but disabling seems to make your computer die. A little more googling and you might find out what it actually does. -
Remote procedure call (RPC) is an inter-process communication technology that allows a computer program to cause a subroutine or procedure to execute in another address space (commonly on another computer on a shared network) without the programmer explicitly coding the details for this remote interaction. That is, the programmer would write essentially the same code whether the subroutine is local to the executing program, or remote. When the software in question is written using object-oriented principles, RPC may be referred to as remote invocation or remote method invocation.
It involves the internet protocol suite.
Info courtesy of Wikipedia. -
I know RPC itself is a legitimate MS service, but no other computer I've seen has EVERY other service listed as dependent upon it, though, nor does any other PC have all disable/stop options greyed out. This seems like a case of virus/malware related tampering to me - particularly as it jumps to ~90 CPU time usage whenever an internet program is opened.
-
Well if you state that an unusual number of unrelated programs have un-adjustable dependencies, then I would suspect it could be a virus as well. Try running the MalwareBytes trial version. It has picked up every threat that even Norton 360 can't identify.
http://www.malwarebytes.org/ -
Avast and Spybot have picked up nothing, but I'll try that out. Oddly enough, since I started messing with it, now the taskbar has been minimized and locked (with "Lock the Taskbar" greyed out) and Avast has been disabled.
-
and now I can't launch IE, can't access the taskbar and can't access system restore (gives an error) or services.msc or regedit (don't know how to get to them apart from "run" in the start menu) - even in safe mode.
I think the problem may be when I changed the Log On for RPC from "This account: NT Authority\NetworkService" to "Local System account"
though it rebooted fine right after I did that...it's just unusable now
Maybe it was when I disabled it on the hardware profile.
any ideas?
EDIT: I'm able to get into registry editor through safe mode command prompt, any idea what keys I need to change to get RPC back to the way it was?
I've pretty much ruled out a trojan/virus - looks like everything really is supposed to be dependent upon this service...which I've now severely crippled.
EDIT 2: Well I've restored the Log On section, now I just need to fix the hardware profile disable/enable setting - but I can't find it anywhere in the registry, and services.msc in safe mode won't let me open properties for anything (I click it, nothing happens). -
Found a fix from MS:
http://support.microsoft.com/kb/838428
worked fine
only problem is now I'm back to square one: RPC taking up 99% CPU whenever I open any internet related app on the PC.
More details on PC:
Dell Dimension XPS T600 (ZOMG NOT A NOTEBOOK DJGSHKJGhk)
WinXP SP3
768MB PC-100 SDRAM
3dFx Voodoo 5 5500 with some fanmade drivers I found online to get it to work with XP, it shows up as "3dfx Voodoo Series"
Sound Blaster Live!
EDIT:
Malwarebytes log:
-
Registry Keys Infected: 2
Registry Values Infected: 1
Seems like something edited the RPC values.
Did you quarantine and remove those 3 items? -
Yeah but I doubt those were related to RPC. I'm starting to think nothing malicious tampered with RPC, RPC is just being used inefficiently by some other process.
Suspicious RPC service on parents' computer
Discussion in 'Windows OS and Software' started by nemt, May 9, 2009.