Okay, here's what happened. We recently got hit by a virus (WinShell50 according to Trend Micro), because our server wasn't up to date on all the windows security updates. I don't however, want to get bogged down on the virus related angle of this problem. The server has been cleaned, and is no longer infected.
My question specifically is related to a residual problem that is occurring. Every time the server is rebooted, ntoskrnl.exe immediately opens up port 443 and starts listening. Then, moments later when IIS starts up, it can't open the port (which it needs to for SSL connections). Subsequently, all out pages that require an SSL connection, get a page is not displayed error. This problem is more eloquently described in KB284984, however, I still can't get a handle on how to fix it.
Now what I've been able to do in the meantime, is to download this little app from Microsoft that tells me what ports on my server are active, and what processes/services they are associated with. To temporarily fix the problem, all I have to do is stop that process, and then restart IISADMIN, and poof!, it's fixed. But only until I have to restart the server.
I'm eagerly looking for a way to resolve this. My thinking is that SOMEWHERE there is a way to control, what services/processes startup. For the record... here's what I've already tried:
1. Ran the removal tool for the winshell50 virus.
2. Also stepped through the manual removal process.
3. I've checked my registry under LOCAL MACHINE/SOFTWARE/MICROSOFT/WINDOWS/CURRENT VERSION/RUN, but there's nothing there that would seem to start ntoskrnl.
I've also done a LOT of research on this problem, and I can't obviously include everything I've learned into this single post, but I'll be happy to elaborate if necessary.