PC reboots ~20 minutes after startup every day - Windows 7

If I were going after this, I would install NVT ERP and use its monitoring capabilities to see what is behind the reboot. Here is a download link of the free 3.1 version:

http://downloads.novirusthanks.org/files/EXERadar_Pro_x86_x64_v3.1_15052015_BUILD1.exe

Last build before the dev took a break for some other work. He's back working and there could be another version later, but this is a good application for free.

Install the app and wait. Pretty much that simple. If it doesn't alert you to the activity, you may need to configure settings a little bit (add taskhost.exe to the vulnerables list and maybe runonce.exe and some others, especially command line related interpreters, etc.).

Hope this helps. Really good for tracking down this kind of (what appears to be pure software) issue...

Sorry I didn't get back to you sooner. If you still have the ERP installed, have you started seeing alerts? Either way, look in the system tray and right click on the icon. Set the mode to Alert Mode if it's not already set that way.

Just look closely at the alerts. See what is requesting activity and what it's trying to start. You can whitelist by command line, which means you can let command lines go by that you know are safe. It's safer just to allow rather than whitelist, but the whitelist is there.

What you can do with NVT is follow the progression of malware via the alerts. In this case, you are looking for something that turns off your computer but not necessarily malware. It works the same.

Try the following. Double click on the tray icon and choose File->settings in the menu up top. Click on the advanced tab and then Vulnerable Processes about half way down on the program client. Next right click in the area where you see data in Vulnerable Processes. Select add new. Navigate to C:\Windows\system32\csrss.exe and add it. Then do the same thing with C:\Windows\system32\winlogon.exe. Also while you are at it you might want to add C:\Windows\system32\taskeng.exe or C:\Windows\syswow\taskeng.exe, depending on what OS version of W7 you have, 32 or 64 bit. If you get any alerts from those processes just make note of anything interesting you see and then click allow, or you can click block if something is trying to restart the computer. Just don't whitelist anything, but it isn't a big deal if you do. If you blacklist whatever is causing the restarts, they will stop for sure, however. Otherwise, stay away from blacklisting Windows processes, because that can cause the system to function improperly and send you to safe mode to adjust the ERP settings. No harm long term. Be sure to look at the command line line in the alert. Note anything you don't recognize, and you can post it back.

Any time anything initiates a restart, you should get an alert that will give you helpful information on what initiated the event, in this case shutdown. Then you will know if it's a program or a scheduled task, and you can hunt it down. When you are done with your investigation, you can delete the entries you added to the Vulnerable Processes list.

"@AtlBo so after i go to advanced and add those programs, a window pops up asking if I should allow taskeng.exe, one of the things i added. Should i allow it or block it?"

Allow it and see if you get the reboot. Malware will often use a scheduled event which may be left behind even if the malware is gone or can't run. Make note of the command line of the Taskeng alert. Also, just because the PC doesn't shut down doesn't mean it's not a task.

If you run into alerts from programs you know, just whitelist them. Allow everything else, since you aren't after malware. Maybe something will trigger the alert.

friedlander .m.s is correct about heat and dust too. If you can't determine via ERP what is causing the problem, checking for dust is a good idea. Good idea anyway. Actually, if the shutdown is not a normal shutdown (a flash shutdown instead), it is more credible that hardware might be the issue.

BTW, if you don't see an alert before a shutdown, good chance ERP still to a log record of the event. They are stored in C:\ProgramData\NoVirusThanks\EXE Radar Pro\Logs. Look for the most recent entry before the shutdown...

If this is an older computer it is conceivable that the CPU heat sink could be blocked with dirt.
It is possible that the fan died...
However you gotta remove the fan to get a good look at the heat sink - unfortunately.
Good luck OP, and don't give up.

When it shuts off:

- Are there any lights on the PC lit up?

- Do the fans stop spinning?

- Does the monitor go black instantly with no "shutting down" or warnings or say "No signal"?

Nice going.
It won't hurt to use a better heat sink either...
Be sure to remove the fan: because dirt can be hiding under the fan, where you won't see it. This blocks the cooling air.
Get the heat sink all cleaned up.