[snippage]
further to this post, i would like to confirm that the
file not responding is C:\WINNT\SYSTEM32\CMD.EXE
[/snippage]
[more snippage][/more snippage]
Only in the latter case (command.exe) would I strongly suspect a Trojan or
viral infection. In the former, CMD.exe is a known executable, but it
worries me that it reports not responding at logoff which indicates
something is running in it while the user is logged on. Before shutting
down, what processes are running, anything in cmd.exe, ntvdm or wow? What is
in the start-up folder (All Users, current user) and run Keys in the
registry. How about things loading in win.ini. There are things that could
run in the cmd.exe process and do something to cause it to hang. Are the 40%
of the workstations all from the same image? Anything in common aside from
cmd.exe not responding at logoff? Maybe something hung from a login script
calling something in %comspec%?
(Note that these steps are still the same I would use to look for a Trojan
or virus aside from using at least two different scanning tools.)
As Mark V. said, what does installing cmd.exe from a "clean" system do? Any
improvement?
mole