We had a virus attack on our server. This has ISA firewall installed but had no antivirus. Anyway Scanned and found a variant of Bagle Virus 2 files my guess got infected and it got deleted. I used Bit defender online scanner

Then tried Kaspersky online, panda and then fscecure online. It found a complete clean system. However in the event log get these errors.

------------------------------------------------------
Event id: 1053
Source: Userenv
User: NT AUTHORITY\SYSTEM

Windows cannot determine the user or computer name. (The RPC server is unavailable. ). Group Policy processing aborted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

---------------------------------------------------------
Tried installing norton or another anti-virus program and then this error happened

---------------------------------------------------------------
Event id: 11304
Source: Msi Installer

Product: Symantec AntiVirus -- Error 1304.Error writing to file C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe. Verify that you have access to that directory.

---------------------------------------------------------------
It fails at the same place. Thought the installer was bad and tried from various other installer. Even downloaded a new trial but no avail.

Since it gave me permissions error, it thought why not see the adminstrator permissions.

Opened computer manage and in administraor group saw entries of S-1--2323.....

Removed and tried add the user again but it gave the error below.

-------------
Windows cannot process object with the name "sheldon"
RPC server unavialble
-------------

But in services.msc RPC shows as started and set to automatic

Please Guys help
Sheldon
Thanks

Event ID 1053 - Userenv

Symptoms: your w2k/xp clients may receive this Event ID 1053 - Windows cannot determine the user or computer name. (<error description>). Group Policy processing aborted. Or error: "The specified user does not exist."

Resolutions: 1. Make sure that your internal DNS server is the server for the domain you are logging in to.
2. Verify the DNS Settings. This will occur if your DNS server is unable to resolve information about your domain.
3. Delete the problem computer from DNS records and re-create it.

Seeing as you're on a server I wonder if fixing the first error will resolve the second one.

MaDef's heart is in the right place, but the problem is local, not network based.

Since the RPC server is running, I'm thinking you have one of 2 problems:
1.) A firewall is blocking access to your localhost. I suggest you uninstall all norton security products (and any others that you may have - temporarily of course) and see if that helps.
2.) Your host file has been corrupted. Open the file c:\windows\system32\drivers\etc\hosts in a text editor (notepad is fine) and make sure the following line exists:
127.0.0.1 localhost
If you have any other lines not prefixed with a #, please post them here.

If neither of those help, please post back and we'll see what else we can do.

Would have like to try your suggestion but the day i posted, that very hour my server restarted and came up with ntorskrnl.exe file being corrupt. Tired recovery console but no use.

Had to format the server

Thanks any way for your reply