on my exchange server, i dont know if i'm infected with anything, but it keeps going down (mostly late at night) but has gone down a few times real early in the morning and a maybe once or twice before noon time. i noticed a service that kept starting around the time it went down which was the ati hotkey poller, so i disabled that, now another server keeps starting, server administrator, which i disabled, deleted most of the reg keys (that would be started) and its still starting! i dont know if that service has anything to do with it rebooting, as its logged (shows up) before the error of "the previous system shutdown was unexpected" but the server administrator event time is logged after that system shutdown error <<shrug>>
anyway, i've done sooo many scans with nod32, ad-aware, microsoft antispyware, spybot, and come up clean. so what i think thats telling me is that a virus already snuck in and is hiding itself maybe somewhere in the registry. i've used hijack this and used an online analyzer, but really dont come up with any unusual. my exchange is 2000 server and windows 2000 server also. if anyone has any ideas how to fix this or need more info, please let me know. thanks!