PC Randomly Turns On!

So, I recently (over the summer) bought a new desktop tower specifically with the hope of gaming. It is running Windows 8.1, has 16gb RAM, 2 TB HDDs, and my Anti-Malware/Virus Protection Services are McAfee Total Protection, and the free version of Malwarebytes. So this brings me to my questin, I'm tech savvy, but not tech genius, so when I went to sleep, and woke up to find my desktop powered on and waiting at the login screen I became concerned. I checked all around the internet and most was saying "Oh probably a boot on lan option check, or a task set to run" I checked the boot on lan and shut it off, but the tasks I'm unsure on how to check. So the next thing is went into my event viewer to see what was going on. I went into my security events and saw many events from 3 in the morning. These were the headers of those events. All the "Special Logon" were the same, along with the "Logon." I have included what the "General" tab of the events said. So, seeing this, I barely know what it means...To me it seems like it's saying someone tried to crack my PC's password and login, and that they succeeded. But what's more disturbing is that I wasn't logged into my PC at all during those times. I had shut it down and was sleeping. I also looked around in my "System" events and saw that at 8PM (also wasn't logged in then, with the PC shutdown) that an event occurred where a source of "mfehidk" with an event number of 516 tried to "Process **\MCUPDA~1.EXE pid (3848) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver." Then all of the McAfee services were terminated unexpectedly. What the heck does all these events mean? Why is my PC turning on by itself? I'm scared that someone is trying to hack my PC, but nothing has changed when I use it. Please, I'm desperate for an answer!

Audit Success 11/7/2015 03:40:22 Security-Auditing 4672  Special Logon
Audit Success 11/7/2015 03:40:22 Security-Auditing 4624 Logon
Audit Success 11/7/2015 03:40:22 Security-Auditing 4672  Special Logon
Audit Success 11/7/2015 03:40:22 Security-Auditing 4624  Logon
Audit Success 11/7/2015 03:40:00 Security-Auditing 4672  Special Logon
Audit Success 11/7/2015 03:40:00 Security-Auditing 4624 Logon
Audit Success 11/7/2015 03:39:58 Security-Auditing 4672 Special Logon

Special privileges assigned to new logon.

Security ID: SYSTEM
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3E7

Privileges: SeAssignPrimaryTokenPrivilege

Audit Success 11/7/2015 03:39:58 Security-Auditing 4624  Logon

An account was successfully logged on.

Security ID: SYSTEM
Account Name: DEFAULT$
Account Domain: WORKGROUP
Logon ID: 0x3E7

Logon Type: 5

Impersonation Level: Impersonation

New Logon:
Security ID: SYSTEM
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3E7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x314
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi  
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The impersonation level field indicates the extent to which a process in the logon session can impersonate.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.


Question Info

Last updated July 7, 2019 Views 189 Applies to:


Thank you for posting your question on Microsoft community.

I appreciate you for providing details about the issue and your efforts towards resolving it.

This issue may occur due to corrupt or incorrect power settings. This issue may also occur due to presence of any virus or malware in Windows.

I would suggest you to run power troubleshooter and check if it helps. Please follow these steps:

a. Press Windows + W keys, type troubleshooting in the search box and press Enter.
b. Click "View all" and then click "Power".
c. Click "Next" and follow on-screen instructions.

If it does not help, run Microsoft safety scanner and check the issue.
Microsoft safety scanner

Note: Any data files that are infected may only be cleaned by deleting the file entirely, which means there is a potential for data loss.

I hope this information helps.

Please do let us know if you need any further assistance.

Thank you

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.