Solved Windows 7 x64 machine suddenly performs restart as if I hit the button

TrunkMonkey

New member
Power User
Local time
1:30 AM
Messages
94
My HTPC has restarted itself probably 2-3 times in the last week. It's your standard Windows 7 restart complete with closing all apps, Logging Off, and Shutting Down screens. The most recent occurrence was just a few minutes ago. I was playing a video, running ATI CCC testing settings, and had Chrome open. I never issued this command or touched the PC itself. One thing I know was also going on was the daily MSE security definitions update, most likely in the install phase. I do not recall what was going on in the the previous times this happened, but it's all pretty recent.

This one has me stumped since it's not a blue screen, but a controlled restart with no errors or problems indicated. I can't for the life of me think of what could cause such a thing to happen. Can anyone think of any possible sources of a Restart command? Is MSE issuing this after definition updates? Is there a way to check the source of a restart command like in a windows system log?

EDIT: in Event Logs I found this:

Code:
Log Name:      System
Source:        Microsoft-Windows-Kernel-Power
Date:          10/22/2013 6:05:32 PM
Event ID:      109
Task Category: (103)
Level:         Information
Keywords:      (4)
User:          N/A
Computer:      Tower_Of_Power_
Description:
The kernel power manager has initiated a shutdown transition.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331C3B3A-2005-44C2-AC5E-77220C37D6B4}" />
    <EventID>109</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>103</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000004</Keywords>
    <TimeCreated SystemTime="2013-10-22T23:05:32.272660300Z" />
    <EventRecordID>85572</EventRecordID>
    <Correlation />
    <Execution ProcessID="532" ThreadID="536" />
    <Channel>System</Channel>
    <Computer>Tower_Of_Power_</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="ShutdownActionType">5</Data>
    <Data Name="ShutdownEventCode">0</Data>
    <Data Name="ShutdownReason">5</Data>
  </EventData>
</Event>

And also this. Clearly here is the problem but why is it happening and what does it mean?

Code:
Log Name:      System
Source:        USER32
Date:          10/22/2013 6:05:06 PM
Event ID:      1074
Task Category: None
Level:         Information
Keywords:      Classic
User:          SYSTEM
Computer:      Tower_Of_Power_
Description:
The process C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (TOWER_OF_POWER_) has initiated the restart of computer TOWER_OF_POWER_ on behalf of user NT AUTHORITY\SYSTEM for the following reason: Legacy API shutdown
 Reason Code: 0x80070000
 Shutdown Type: restart
 Comment: 
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="USER32" />
    <EventID Qualifiers="32768">1074</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-10-22T23:05:06.000000000Z" />
    <EventRecordID>85524</EventRecordID>
    <Channel>System</Channel>
    <Computer>Tower_Of_Power_</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data>C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (TOWER_OF_POWER_)</Data>
    <Data>TOWER_OF_POWER_</Data>
    <Data>Legacy API shutdown</Data>
    <Data>0x80070000</Data>
    <Data>restart</Data>
    <Data>
    </Data>
    <Data>NT AUTHORITY\SYSTEM</Data>
    <Binary>00000780000000000000000000000000000000000000000000000000000000000000000000000000</Binary>
  </EventData>
</Event>
 

My Computer My Computer

At a glance

Windows 7 Professional 64 bitAMD Phenom II X6 1055T 2.8 GHz (3.51 over clo...Corsair 8 GB CMX4GX3M2A1600C9R (1333 mHz)Saphire Radeon 5830HD + Hauppauge WinTV-HVR-2...
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom build
OS
Windows 7 Professional 64 bit
CPU
AMD Phenom II X6 1055T 2.8 GHz (3.51 over clocked)
Motherboard
Asus M4A87TD-EVO
Memory
Corsair 8 GB CMX4GX3M2A1600C9R (1333 mHz)
Graphics Card(s)
Saphire Radeon 5830HD + Hauppauge WinTV-HVR-2250 Dual Tuner
Sound Card
VIA VT1818 High Definition Audio 8-Channel, AMD Radeon HDMI
Monitor(s) Displays
23" Samsung SyncMaster PX2370 + 47" LG 47LH90 LED HDTV
Screen Resolution
1920x1080p
Hard Drives
Western Digital --> WD10EARS-00Y5B1 1 TB 5200 rpm (Backup)
Seagate --> ST2000DM001-1CH164 2 TB 7200 rpm (Media) Mirrored to
Seagate --> ST2000DM001-1CH164 2 TB 7200 rpm
BUSlink --> "USB2.0 Disk-On-The-Go/Lite" 18 GB mini HDD (Bootable Win 7 Insta
PSU
850 WATT OCZ --> OCZ850GXSSLI RTL
Case
Cool Master Scout --> SGC-2000-KKN1-GP RT
Cooling
CM 140mm front & top, 120mm rear & 2x side, stock CPU fan
Keyboard
Razer Lycosa Mirror, Logitech MX3200 wireless
Mouse
Logitech G9x, Logitech MX3200 wireless
Internet Speed
10 Mbps
Antivirus
Microsoft Security Essentials
Browser
Chrome & Internet Explorer 11
Other Info
Custom rig self build.
Recently upgraded for part time Media Center DVR duties.
Ok so I've found the issue. Event Logs showed MalwareBytes restarting after a daily quick scan and removal of suspicious software:

Code:
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.22.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
SYSTEM :: TOWER_OF_POWER_ [limited]

Protection: Enabled

10/22/2013 6:00:12 PM
mbam-log-2013-10-22 (18-00-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 221031
Time elapsed: 4 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Trunk Monkey\Downloads\attsetup.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

(end)

About an hour ago I downloaded ATI Tray Tools from Softpedia. MBAM flagged and deleted the installer, which had not been run yet. I wonder if it's a false positive. Hmmmm. Posting all this in case someone else ever encounters mysterious restarts. I'll update anything new I find out.
 

My Computer My Computer

At a glance

Windows 7 Professional 64 bitAMD Phenom II X6 1055T 2.8 GHz (3.51 over clo...Corsair 8 GB CMX4GX3M2A1600C9R (1333 mHz)Saphire Radeon 5830HD + Hauppauge WinTV-HVR-2...
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom build
OS
Windows 7 Professional 64 bit
CPU
AMD Phenom II X6 1055T 2.8 GHz (3.51 over clocked)
Motherboard
Asus M4A87TD-EVO
Memory
Corsair 8 GB CMX4GX3M2A1600C9R (1333 mHz)
Graphics Card(s)
Saphire Radeon 5830HD + Hauppauge WinTV-HVR-2250 Dual Tuner
Sound Card
VIA VT1818 High Definition Audio 8-Channel, AMD Radeon HDMI
Monitor(s) Displays
23" Samsung SyncMaster PX2370 + 47" LG 47LH90 LED HDTV
Screen Resolution
1920x1080p
Hard Drives
Western Digital --> WD10EARS-00Y5B1 1 TB 5200 rpm (Backup)
Seagate --> ST2000DM001-1CH164 2 TB 7200 rpm (Media) Mirrored to
Seagate --> ST2000DM001-1CH164 2 TB 7200 rpm
BUSlink --> "USB2.0 Disk-On-The-Go/Lite" 18 GB mini HDD (Bootable Win 7 Insta
PSU
850 WATT OCZ --> OCZ850GXSSLI RTL
Case
Cool Master Scout --> SGC-2000-KKN1-GP RT
Cooling
CM 140mm front & top, 120mm rear & 2x side, stock CPU fan
Keyboard
Razer Lycosa Mirror, Logitech MX3200 wireless
Mouse
Logitech G9x, Logitech MX3200 wireless
Internet Speed
10 Mbps
Antivirus
Microsoft Security Essentials
Browser
Chrome & Internet Explorer 11
Other Info
Custom rig self build.
Recently upgraded for part time Media Center DVR duties.
Take care when downloading off Softpedia
 

My Computer My Computer

At a glance

Windows 10 Pro x64 ; Xubuntu x64Intel i7 860 @ 2.80 GHz O/C'ed to 4.0GHz16GB Corsair Vengance DDR3 @ 661 MHz Dual Cha...EVGA NVidia GTX 560 1024MB
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Golden Mk. I.4
OS
Windows 10 Pro x64 ; Xubuntu x64
CPU
Intel i7 860 @ 2.80 GHz O/C'ed to 4.0GHz
Motherboard
Gigabyte P55A-UD3R Rev.1. Award BIOS F13
Memory
16GB Corsair Vengance DDR3 @ 661 MHz Dual Channel (9-9-9-24)
Graphics Card(s)
EVGA NVidia GTX 560 1024MB
Sound Card
Realtek Integrated
Monitor(s) Displays
Dual Samsung SyncMaster 2494HS
Screen Resolution
1920*1080 and 1920*1080
Hard Drives
1*Samsung 840 EVO 120GB SSD;
1*OCZ Vertex 2 60GB SSD;
2*Samsung F3 SpinPoint 1TB in RAID0;
1*Samsung F1 SpinPoint 1TB;
2*Western Digital 1TB External USB 3.0
1*Western Digital 500GB External USB 3.0
1*Seagate 500GB External USB 2.0
PSU
Thermaltake ToughPower QFan 750W
Case
Thermaltake Element S VK60001W2Z
Cooling
Corsair H60 Water Cooling, 2*230mm and 2*80mm case fans
Keyboard
Logitech G110
Mouse
Logitech MX518
Agreed, many free sites have downloads injected with all sorts of crapware. Also read each window that comes up when installing one, even the EULA, sometimes it has opt=out options well buried.
 

My Computer My Computer

At a glance

Windows 7 Ultimate X64 SP1Intel i5-2550K, Differing ~4.4-4.8GHz No buil...16GB G.Skill Sniper 1866MHz @ 2133MHz 2x8GBASUS GTX650TIB-DC2OC-2GD5, (650TI Boost)
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Home Built Desktop By DataTech
OS
Windows 7 Ultimate X64 SP1
CPU
Intel i5-2550K, Differing ~4.4-4.8GHz No built in GPU
Motherboard
ASUS P8Z68-V PRO/GEN3
Memory
16GB G.Skill Sniper 1866MHz @ 2133MHz 2x8GB
Graphics Card(s)
ASUS GTX650TIB-DC2OC-2GD5, (650TI Boost)
Sound Card
Onboard Realtek 5-1
Monitor(s) Displays
Samsung P2570HD
Screen Resolution
1920x1080
Hard Drives
Samsung 840 Pro 256GB SSD for OS, 500GB Seagate Constellation (Enterprise drive) for Data
PSU
Corsair HX650W
Case
Inwin Dragon Rider
Cooling
Hyper 212 EVO w/two Noctua fans, push-pull, @1300 RPM
Keyboard
E-Z Eyes, bright yellow keys with large characters
Mouse
steelseries SENSEI Laser Pro Gaming
Internet Speed
48-51Mbs Mbs down, 11 Mbs up Xfinity Cable
Antivirus
Norton Internet Security 2013
Browser
IE 10, Opera, Pale Moon if needed
Other Info
4 case fans, LG BluRay-RE, ASUS DVD-RW, Mr. Fusion power supply, 1.21 gigawatts.
thanks for the advice, i'll take heed. I thought Softpedia was one of the good ones. But I guess it's installer beware. Thankfully I never installed it.
 

My Computer My Computer

At a glance

Windows 7 Professional 64 bitAMD Phenom II X6 1055T 2.8 GHz (3.51 over clo...Corsair 8 GB CMX4GX3M2A1600C9R (1333 mHz)Saphire Radeon 5830HD + Hauppauge WinTV-HVR-2...
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom build
OS
Windows 7 Professional 64 bit
CPU
AMD Phenom II X6 1055T 2.8 GHz (3.51 over clocked)
Motherboard
Asus M4A87TD-EVO
Memory
Corsair 8 GB CMX4GX3M2A1600C9R (1333 mHz)
Graphics Card(s)
Saphire Radeon 5830HD + Hauppauge WinTV-HVR-2250 Dual Tuner
Sound Card
VIA VT1818 High Definition Audio 8-Channel, AMD Radeon HDMI
Monitor(s) Displays
23" Samsung SyncMaster PX2370 + 47" LG 47LH90 LED HDTV
Screen Resolution
1920x1080p
Hard Drives
Western Digital --> WD10EARS-00Y5B1 1 TB 5200 rpm (Backup)
Seagate --> ST2000DM001-1CH164 2 TB 7200 rpm (Media) Mirrored to
Seagate --> ST2000DM001-1CH164 2 TB 7200 rpm
BUSlink --> "USB2.0 Disk-On-The-Go/Lite" 18 GB mini HDD (Bootable Win 7 Insta
PSU
850 WATT OCZ --> OCZ850GXSSLI RTL
Case
Cool Master Scout --> SGC-2000-KKN1-GP RT
Cooling
CM 140mm front & top, 120mm rear & 2x side, stock CPU fan
Keyboard
Razer Lycosa Mirror, Logitech MX3200 wireless
Mouse
Logitech G9x, Logitech MX3200 wireless
Internet Speed
10 Mbps
Antivirus
Microsoft Security Essentials
Browser
Chrome & Internet Explorer 11
Other Info
Custom rig self build.
Recently upgraded for part time Media Center DVR duties.
Back
Top