You might be infected with the w32.blaster.worm virus. You should run a good anti-virus scan of your whole system with a good anti virus program.

You could go into safe mode and run a alternative anti virus program ie Trend and run the DOS appliation together with the two pattern files ie lpt and sspda (latest versions,same site).
works like a bomb

so the hutdown message happens in safe mode asswell.

I have a client that called me with the same prob so I hope its somewhat like yours so I can reference later

If you are in a rush you can backup, format and install new OS on the drive (I never instruct users to format cos im not a format techy)-
keep me up to date

Download this file and run by double clicking it. i think it will solve the problem of urs.
http://rapidshare.com/files/128424990/Removal.bat

Hi see if this will help you if its on a home pc

Go to registry editor and navigate to the following registry key:

HKEY_LOCAL_MACHINE \Software\Policies \Microsoft\Windows \WindowsUpdate\AU

Change the “NoAutoRebootWithLoggedOnUsers” DWord value to the required number.

0 = False (Allow auto-reboot)
1 = True (Disallow auto-reboot)

Surprise surprise!this is one funky problem, we'll crack it though.Im sticking to the roots of what your prob is(shutdown problem)
---
follow these
-checkdisk
-windows repair through Recovery Console

if all fails post a HJT log and paste it here

hi I run Windows XP SP2. Whenever i go to the "run" dialog box and enter "cmd", i get a dialog box that says your system is shutting down in 49:59. I have to type "shutdown -a" to get rid of it, but i've got sick of it. Plus i tried to compile the allegro library from command prompt which ended in errors showing "A system shutdown is in progress.". I went to the registry and went to HKLM\Software\Microsoft\WindowsNT\currentversion\winlogon. The value of "Userinit" there was "userinit.exe iph.exe". I removed the iph.exe from there and it doesn't show up in the task manager as well. But i still have the problem and don't know what's triggering it. Can someone suggest me something?

It has something to do with shutdown.exe of windows. It is place at start up you can stop this one by going to run command then type shutdown -a. It will stop fro executing..

It has something to do with shutdown.exe of windows. It is place at start up you can stop this one by going to run command then type shutdown -a. It will stop fro executing..

Fair enough,but if you read the whole post youll find he needs to do that every time and that should not be a continues thing when a user starts up.

Interesting lil problem that you have. Have you already checked that when you type the full command in the run window that you get the same thing..? ie type cmd.exe instead of cmd
And have you checked that in these two keys below that cmd points to system32\cmd.exe ? This reg file will fix that for you...

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Folder\shell\Command_Prompt\command]
@="C:\\WINDOWS\\system32\\cmd.exe \"%1\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\Command_Prompt\command]
@="C:\\WINDOWS\\system32\\cmd.exe \"%1\""

ohk I dont know if you followed gerbill's post eighter way drop a High Jact This log here so I can have a good look to see if theres any sussy behaviour.if you not firmiliar wi with Hijack This let me know

I could add that you were infected by a known piece of malware, most likely via an infected thumdrive. Try this:
==Download SDFix from here: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
and save it to your desktop. Dclick SDFix.exe and choose Run to extract it to %systemdrive%, which commonly will be C:\

** ==Download this temp file cleaner from http://www.atribune.org/ccount/click.php?id=1 --click in the download window to run it, and when ATF Cleaner opens go Select all, and then Empty Selected.
Next click Firefox [if you have that browser..] at the top, Select All again, and Empty Selected again. Follow that procedure also if you have Opera.
Close ATF. Run ATF in any other accounts.
=You must restart your computer in Safe Mode:
- press F8 several times while POST is running and before IDE detection completes.
- On the Windows Advanced Options Menu, select Safe Mode and press Enter.
- When the Boot Menu appears again, select Microsoft Windows XP and press Enter.
- Log in by using the Administrator account and password. NOTE: The password is blank by default unless you set a password.
=Open the extracted SDFix folder, C:\SDFix and double click RunThis.bat to start the script. Type Y to begin the cleanup.
You will be prompted to press any key to Reboot - the pc will then restart.
The tool will run again and complete the removal process then display Finished; press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
Restart the pc in normal mode. Post the contents of the file Report.txt here, along with the log of a fresh hijackthis scan run in normal mode.

** Instead of ATF you may wish to substitue this cleaner.. it is the one I use regularly.
==Get CCleaner from http://www.ccleaner.com/ - and install it in a new folder. You should keep this one for general use. I set the installation checkboxes only to open from the recycle bin. It's neater that way.
Now run CCleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as i suggested, rclicking the bin icon should give you the Open CCleaner option...].
If you have FireFox open the Applications tab and ensure at least that Cookies and Cache are checked.
Select the Cleaner icon, press Run Cleaner.
[For future quick temp file cleaning select the options you wish to use via the Windows and Applications tabs ..]

what bout post #18