Which Service/Process Keeps Restarting My PC Daily?


The computers we use at my job run Windows XP Professional. The computers restart at exactly the same time each morning at 5am. What I’m trying to do is learn as much as possible about what is causing the restart so that I can prevent it.

There have been times where I’ll be working on a very important project, the computer will restart, and I will lose significant progress. It isn’t the sort of work where you can just hit “Save” and continue where you left off after the restart.

If there is a process running that is causing the restart, I want to be able to identify it so that I can “End” it when necessary. If the restart is being caused by a Windows service then I want to be able to identify it so I can “Stop” and/or “Disable” it when necessary.

I will tell you what steps I’ve taken and what I’ve learned. I’m hoping that someone can provide some insight or advice on what I should try next.

Note: I have administrative rights. All steps taken were done with admin privileges active.

a) I've tried the “Start>Run>shutdown –a” method in an attempt to halt the restart when it begins. It didn’t work. The restart still occurred at 5am.

b)I tried changing the Windows clock in an attempt to delay the restart. It didn’t work. The restart still occurred at 5am.

c) I tried disabling the Windows Time service in Control Panel>Administrative Tools>Services. It didn’t work. The restart still occurred at 5am.

d) I tried methods b and c simultaneously. It didn’t work. The restart still occurred at 5am.

e) I thought that the restart might be triggered remotely so I disconnected the Ethernet cable from the computer. It didn’t work. The restart still occurred at 5am.

f) I tried looking into Control Panel>Task Scheduler to see if the restart was a scheduled task. It wasn’t.

g) I tried looking more deeply into the Task Scheduler via the command prompt to see if perhaps there was a scheduled task that was being hidden from the Task Scheduler GUI. There wasn’t.

h) I tried looking through the list of running processes (over 50) in Task Manager to see if any of the names seemed like they might be related to restarting or shutting down etc. but nothing stood out.

i) I tried making a list of all processes running before 4:30am to see if any new processes were started between 4:30am and 5am. This wasn’t helpful.

j) I tried downloading and using Process Explorer in the hope that it might be able to identify the process that’s causing the restart. If the program is capable of doing this then I’m not sure how. Process Explorer seemed to provided a lot of information on each process but nothing that helped me uncover what the intended function of said process was.

I've been trying to solve this puzzle for weeks now. The more time I invest in it, the harder it is for me to give up. Any help would be greatly appreciated. Thank you so much!

If its a domain machine, most likely, group policy from the administrators push out changes and updates overnight. If not part of a domain, could be a scheduled task that was added and needs to be disabled. You would have to check the group policies, services, and registry for things that would do it. Could also be software like DeepFreeze or ThinClients forced to restart. Don;t know much of your setup, so could be any number of things, including malware, or a bad hardware component. if its all machines, most likely a group policy.

Check msconfig though, see whats set to run on startup. If its part of a domain though, it could be controlled by the domain admin, and might want to check with them. They might not know you work on the machine overnight, and might need to push a policy out for your user login on the machine. If its a company computer you don't own, ask before doing anything though. Might get yourself in hot water if you start messing with things an admin put in place, and if its a work issue, go through the proper chain of command, manager, helpdesk, etc, and get some answers. My feelings are its a domain controlled setting pushed by group a group policy though, and you most likely won't have any way to change that on your end other than logging on locally as admin, vs to the domain as a user.

Edited by digip
