Winlogon.exe constantly at 50% CPU

I know this has probably been discussed before, but I recently noticed my server was slowing down. When I checked Task Manager, I noticed there are two winlogon.exe processes running. Both show the user as SYSTEM, but one of them constantly runs at 50-60% CPU utilization.

I am running Windows 2003 Standard Edition with SP2. It's a web server I use to host some family sites. I've also got FileZilla Server running to access SFTP traffic for file uploads. There isn't no monitor hooked up so I only use RDP to connect to it. This problem only showed up about 4-6 weeks ago.

The only change I remember making before this started showing up was the installation of a print drive for an old HP printer I was toying with, but I have since uninstalled everything that I can from the Add/Remove Programs option in Control Panel. I've also run the TrendMicro Housecall to try and clean things up a bit, but there was nothing detected other than some normal cookies.

I have a HJT log file but won't post it until told to do so. Any help would be greatly appreciated.

 

I'll run through the instructions tonight.

There aren't any other users logged in, but I wasn't sure if connecting via RDP made a difference. The server has been rebooted multiple times since I disconnected and threw away the monitor, so I don't think there's a session active on the console.

I post the logs soon.

Pfc Gump :major

 

Here are the log files after running the READ & RUN ME FIRST procedure. I ran AVG Antispyware tool twice and couldn't get it to give me an option for saving the log file.

Thanks in advance for your help.

Is the fact that I'm seeing 2 instances of winlogon.exe in task manager when I can only account for one user being logged in a potential cause for concern?

pfcGump

 

Thanks chaslang,

I don't know what did it, but both winlogon.exe process are mostly idle now. After I ran all the checks and posted my logs, one of the processes was still hanging around the 50-60% range, but I waited a few hours and checked again and all seems fine. I did pull out an old monitor and plugged it back into the server, but it doubtful that had anything to do with it.

Thanks again. One more happy MajorGeeks customer.

pfcGump