Windows 7 x64 machine suddenly performs restart as if I hit the button


  1. Posts : 94
    Windows 7 Professional 64 bit
       #1

    Windows 7 x64 machine suddenly performs restart as if I hit the button


    My HTPC has restarted itself probably 2-3 times in the last week. It's your standard Windows 7 restart complete with closing all apps, Logging Off, and Shutting Down screens. The most recent occurrence was just a few minutes ago. I was playing a video, running ATI CCC testing settings, and had Chrome open. I never issued this command or touched the PC itself. One thing I know was also going on was the daily MSE security definitions update, most likely in the install phase. I do not recall what was going on in the the previous times this happened, but it's all pretty recent.

    This one has me stumped since it's not a blue screen, but a controlled restart with no errors or problems indicated. I can't for the life of me think of what could cause such a thing to happen. Can anyone think of any possible sources of a Restart command? Is MSE issuing this after definition updates? Is there a way to check the source of a restart command like in a windows system log?

    EDIT: in Event Logs I found this:

    Code:
    Log Name:      System
    Source:        Microsoft-Windows-Kernel-Power
    Date:          10/22/2013 6:05:32 PM
    Event ID:      109
    Task Category: (103)
    Level:         Information
    Keywords:      (4)
    User:          N/A
    Computer:      Tower_Of_Power_
    Description:
    The kernel power manager has initiated a shutdown transition.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331C3B3A-2005-44C2-AC5E-77220C37D6B4}" />
        <EventID>109</EventID>
        <Version>0</Version>
        <Level>4</Level>
        <Task>103</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000000004</Keywords>
        <TimeCreated SystemTime="2013-10-22T23:05:32.272660300Z" />
        <EventRecordID>85572</EventRecordID>
        <Correlation />
        <Execution ProcessID="532" ThreadID="536" />
        <Channel>System</Channel>
        <Computer>Tower_Of_Power_</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="ShutdownActionType">5</Data>
        <Data Name="ShutdownEventCode">0</Data>
        <Data Name="ShutdownReason">5</Data>
      </EventData>
    </Event>
    And also this. Clearly here is the problem but why is it happening and what does it mean?

    Code:
    Log Name:      System
    Source:        USER32
    Date:          10/22/2013 6:05:06 PM
    Event ID:      1074
    Task Category: None
    Level:         Information
    Keywords:      Classic
    User:          SYSTEM
    Computer:      Tower_Of_Power_
    Description:
    The process C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (TOWER_OF_POWER_) has initiated the restart of computer TOWER_OF_POWER_ on behalf of user NT AUTHORITY\SYSTEM for the following reason: Legacy API shutdown
     Reason Code: 0x80070000
     Shutdown Type: restart
     Comment: 
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="USER32" />
        <EventID Qualifiers="32768">1074</EventID>
        <Level>4</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-10-22T23:05:06.000000000Z" />
        <EventRecordID>85524</EventRecordID>
        <Channel>System</Channel>
        <Computer>Tower_Of_Power_</Computer>
        <Security UserID="S-1-5-18" />
      </System>
      <EventData>
        <Data>C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (TOWER_OF_POWER_)</Data>
        <Data>TOWER_OF_POWER_</Data>
        <Data>Legacy API shutdown</Data>
        <Data>0x80070000</Data>
        <Data>restart</Data>
        <Data>
        </Data>
        <Data>NT AUTHORITY\SYSTEM</Data>
        <Binary>00000780000000000000000000000000000000000000000000000000000000000000000000000000</Binary>
      </EventData>
    </Event>
      My Computer


  2. Posts : 94
    Windows 7 Professional 64 bit
    Thread Starter
       #2

    Ok so I've found the issue. Event Logs showed MalwareBytes restarting after a daily quick scan and removal of suspicious software:

    Code:
    Malwarebytes Anti-Malware (PRO) 1.75.0.1300
    www.malwarebytes.org
    
    Database version: v2013.10.22.10
    
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16721
    SYSTEM :: TOWER_OF_POWER_ [limited]
    
    Protection: Enabled
    
    10/22/2013 6:00:12 PM
    mbam-log-2013-10-22 (18-00-12).txt
    
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled: 
    Objects scanned: 221031
    Time elapsed: 4 minute(s), 54 second(s)
    
    Memory Processes Detected: 0
    (No malicious items detected)
    
    Memory Modules Detected: 0
    (No malicious items detected)
    
    Registry Keys Detected: 0
    (No malicious items detected)
    
    Registry Values Detected: 0
    (No malicious items detected)
    
    Registry Data Items Detected: 0
    (No malicious items detected)
    
    Folders Detected: 0
    (No malicious items detected)
    
    Files Detected: 1
    C:\Users\Trunk Monkey\Downloads\attsetup.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
    
    (end)
    About an hour ago I downloaded ATI Tray Tools from Softpedia. MBAM flagged and deleted the installer, which had not been run yet. I wonder if it's a false positive. Hmmmm. Posting all this in case someone else ever encounters mysterious restarts. I'll update anything new I find out.
      My Computer


  3. Posts : 19,384
    Windows 10 Pro x64 ; Xubuntu x64
       #3

    Take care when downloading off Softpedia
      My Computer


  4. Posts : 24,479
    Windows 7 Ultimate X64 SP1
       #4

    Agreed, many free sites have downloads injected with all sorts of crapware. Also read each window that comes up when installing one, even the EULA, sometimes it has opt=out options well buried.
      My Computer


  5. Posts : 94
    Windows 7 Professional 64 bit
    Thread Starter
       #5

    thanks for the advice, i'll take heed. I thought Softpedia was one of the good ones. But I guess it's installer beware. Thankfully I never installed it.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 07:52.
Find Us