There is a log source processing options in Web Reporter to use client host names for unauthenticated traffic. It's likely you have this option enabled. So you should probably turn that off, then figure out why the traffic isn't being authenticated. Most common reasons for bypassing authentication are
1) Misconfigured policy
2) Policy to bypass authentication for apps that are not proxy aware and perform authentication (ie. most Java apps).
Ok that makes me fell better. There is a global rule to allow Streaming Media (not sure why it is there, it was there when we inherited it) I will look at why it is there and either move it after authinication or disable if I can. I may have to start another discussion to get some help in interpretation:)
Thanks for the help.
You could run a report in Web Reporter to look at the sites associated with streaming media as the category. Once you know which sites seemed to be access the most, you might be able to guess the reason that rule was put there. It might have just been a lazy way to get around problems with some specific sreaming media site, but as a side affect applied to Youtube and other popular streaming media sites. That is why the hits were so high, bringing them to the top of your reports were you noticed the computer names.