OS Win 8.1 standalone user on home network.
My wife's new computer is having CONSTANT HDD thrashing. Check Security event logs and find MANY entries for "Audit Success, Microsoft Windows Security Auditing, Event ID 4672 Special Logon, 4624 Logon, and 4797 User Account Management. As many as 30 per hour. Also "Audit Policy change" as many as hundreds with the same date/time stamp.
This activity goes on constantly, even if she has not been at her computer for a few hours. If I turn off our home network it stops. When I restart the network (issues a new IP address) it takes a while for the activity to resume. All of which create suspicion that it might be spoofed testing from outside. Some posters say "If you are not having a problem, ignore it" but security concerns aside, the constant HDD thrashing (audible) is very annoying (and wearing to the HDD). Thanks