I have a client with a windows 2003 Server, Standard edition, SP1, that was comprimised by a hacker...after spending days cleaning it up, saving data, you can no longer logon to the machine. Since this is a DC, there is no local user, only the domain administrator. When you press ctrl alt del, it lets you type your information, says it's applying security settings, and then after 3 or 4 minutes, puts you back to the logon screen.
I have used Winternals to access the event viewer and found Event ID 1000, 1001, 55(NTFS is corrupt), and on and on and on.
My feeling the machine will need to be installed from scratch unless anyone else has seen this and has afix. Since all data is saved, there is no problem in reinstalling.