Web Hosting Talk







View Full Version : Eggdrop


sbrad
08-20-2001, 12:56 AM
Is there any reason eggdrop would be installed by default at the system level? I found a couple of users tonight using it, and got curious and ran a locate on it and found lots of entries for eggdrop in /lib/modules/2.2.14-5.0/misc/.
My thought is that he somehow gained access to this location and installed it from there. Does this sound about right?

teck
08-20-2001, 01:20 AM
eggdrop shouldn't be installed at the system level. Usually users will install this. Is your /lib/modules directory 777? If so, there's your answer. I'd suggest killing the eggdrops as soon as you can.

sbrad
08-20-2001, 01:23 AM
No, I didn't much think so. It's all gone now. :)

nopzor
08-21-2001, 01:21 AM
I'm pretty sure your server was rooted.

huck
08-21-2001, 08:31 AM
You may have been hacked.

If the libs directory is set such that these users who installed eggdrop do not have access, then you've been hacked. Especially if eggdrop was there and now it's gone.

You may want to check your log files. If you just had poor permissions, then they may not have been able to change the logs -- look for anything unusual.

Also, take a look at /etc/passwd and look for any user accounts that you did not create or that have their user id set to zero.
If you've been rooted, a common trick is to create a user account, e.g. lpd or bin or something that does not look bad and give it a uid of zero and a shell account. I have also seen people switch apache's uid to 0 and give apache a shell account.
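
Added example, not part of any post in this thread: a small shell check for the two /etc/passwd signs described in the last post, extra accounts with uid 0 and service accounts that have a login shell. The function names, the service account list and the sample passwd lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a passwd-format file for extra uid-0 accounts and
# service accounts that have been given a login shell.

# Assumed list of service account names; adjust for the distribution in use.
SERVICE_ACCOUNTS="bin daemon lp lpd mail news nobody apache httpd www-data"

# audit_passwd [FILE]  (reads stdin when no file is given)
# Prints "UID0 <name>" for every non-root account whose uid is 0, and
# "SHELL <name> <shell>" for every listed service account with a login shell.
audit_passwd() {
    awk -F: -v svc="$SERVICE_ACCOUNTS" '
        BEGIN { n = split(svc, a, " "); for (i = 1; i <= n; i++) is_svc[a[i]] = 1 }
        /^#/ || NF < 7 { next }                    # skip comments and malformed lines
        $3 ~ /^0+$/ && $1 != "root" { print "UID0 " $1 }
        ($1 in is_svc) {
            sh = ($7 == "" ? "/bin/sh" : $7)       # empty shell field means /bin/sh
            if (sh !~ /(nologin|false)$/) print "SHELL " $1 " " sh
        }
    ' "$@"
}

# Constructed sample, not taken from the thread.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
lpd:x:0:0:lpd:/var/spool/lpd:/bin/bash
apache:x:0:48:Apache:/var/www:/bin/sh
alice:x:500:500::/home/alice:/bin/bash
EOF
}

sample_passwd | audit_passwd
```

On a live host, run `audit_passwd /etc/passwd`; every line it prints is an account to account for.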