My organization has a user that left, and their account is continually logging on to one of our machines with a privilege use category. This was a trusted person, and they are not in fact logging on any longer. If we disable the account we get a slew of failure audits in the security log. We are trying to find out where the logon call is being initiated from so we can fix that and move on. It appears to be restarting the WMI Performance Adapter service.
I have disabled SMS agents, checked for AT schedules, Windows Scheduler, and performance counters. I cannot find anything... help!