It may be that the actual username is unprintable characters. I would recommend that you read my blog posting <a href=”http://itknowledgeexchange.techtarget.com/it-trenches/tracking-down-that-usercomputer-that-locks-ad-accounts/”>Tracking down that user/computer that locks AD accounts</a>. It may give you information about the source computer(s) creating these anomalous login events.
In the IT trenches? So am I – read my <a href=”http://itknowledgeexchange.techtarget.com/it-trenches”>IT-Trenches blog</a>