It is a Win2K machine, I have Norton on here, SpySweeper, AdAware so am I hopefully optimistic this is not a trojan or virus. But the winlogon process is constantly running at 90+%.
M
Logfile of HijackThis v1.99.1
Scan saved at 10:36:49 AM, on 11/15/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://concorde.lab.eucom.mil:2002/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [MaxInst] MaxInst
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NAV\vptray.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - Global Startup: Cisco Security Agent.lnk = C:\Program Files\Cisco Systems\CSAgent\bin\okclient.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {50F851B0-0BBE-11D2-A237-00C04FBBD1CD} (AvMediaMasterCtrl Class) - https://172.16.120.7...MediaMasENU.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = lab.eucom.mil
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E2887EC-11FC-4600-989B-64E5AF3E156D}: Domain = lab.eucom.mil
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E2887EC-11FC-4600-989B-64E5AF3E156D}: NameServer = 192.168.100.10,137.95.3.19,136.95.3.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF4127F2-C836-44D3-8C5C-C92F853093AB}: Domain = lab.eucom.mil
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF4127F2-C836-44D3-8C5C-C92F853093AB}: NameServer = 192.168.100.10,137.95.3.19,137.95.3.20
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = lab.eucom.mil
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = lab.eucom.mil
O20 - AppInit_DLLs: csauser.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: CiscoSecure ACS Agent (ACSRemoteAgent) - Unknown owner - C:\Program Files\Cisco\CiscoSecure ACS Agent\CSAgent\CSAgent.exe
O23 - Service: Cisco Security Agent (CSAgent) - Unknown owner - C:\Program Files\Cisco Systems\CSAgent\bin\CSAControl.exe" -t c (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NAV\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DoubleScreenService - Diamond Multimedia Systems, Inc - C:\WINNT\System32\dsnthser.exe
O23 - Service: Intel Alert Handler - Intel® Corporation - C:\WINNT\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Intel® Corporation - C:\WINNT\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINNT\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINNT\system32\cba\pds.exe
O23 - Service: Norton AntiVirus Server - Symantec Corporation - C:\Program Files\NAV\rtvscan.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe