One of the servers that we monitor keeps getting this Security Audit log, we thought it was a hacking attempt the username, source address and port change all the time. We did a Malwarebytes scan found nothing, it is running Eset lastest.  One of the guys thinks that it is SQL or the ACT program causing this. I have looked around and Googled and found nothing. Please help


Security log generated a multiple events alert on NEWDOMAIN.NEWDOMAIN.dotfoil, the follow events occurred: Security log generated Failure Audit Event 529 
For more information see

Log: Security
Type: Failure Audit
Event: 529
Agent Time: 05:10:56 AM 27-May-2011
Event Time: 11:10:56 AM 27-May-2011 UTC
Source: Security
Category: Logon/Logoff
Username: SYSTEM
Computer: SERVER07
Description: Logon Failure:

       Reason:         Unknown user name or bad password

       User Name:      administrator

       Domain:         NEWDOMAIN

       Logon Type:     10

       Logon Process:  User32

       Authentication Package: Negotiate

       Workstation Name:       SERVER07

       Caller User Name:       SERVER07$

       Caller Domain:  NEWDOMAIN

       Caller Logon ID:        (0x0,0x3E7)

       Caller Process ID:      6660

       Transited Services:     -

       Source Network Address:

       Source Port:    3839