I'm reposting this from another group (this one may be more appropriate), and with a better subject line.
Got a Windows 2003 Server machine that had a Malware infection awhile ago. I cleaned it up, and all seems to be OK, except for one naggy issue -- Remote access software (PCAnywhere, VNC, etc) is painfully slow and brings the machine to a crawl when/if somebody logs on. However, the MS Remote Desktop (and terminal services) works fine.
This hasn't been a huge issue - but I finally have a little time, and since it's been nagging me, I thought I'd try to track it down and see if it's a leftover from the Infection. FWIW, I opened a case with MS Support about it, and since the MS RDP works fine, they won't/can't do anything since they "don't support third party software (PCAnywhere/VNC/Etc)".
Only thing I find suspicious on a HJT log is this:
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\administrator\windows\system32\mswsock.dll' missing
Now this obviously IS something leftover from an infection - but:
1) Internet access is fine
2) the correct MSWSOCK.DLL is in place where it should be (C:\windows\system32 & C:\windows\system32\dllcache)
3) The entire c:\documents and settings\administrator\windows\system32 directory was removed as part of the Malware fix.
My initial reaction to this is that this is probably a non-issue leftover scrap from the infection and nothing to be concerned about - however I've been wrong before <grin>.
I'm reluctant to run a Winsock Fix because I'm only able to access the machine remotely for a week or so, and don't want to accidentally screw-up the Internet connection.
Edited by garmanma, 21 January 2010 - 02:59 PM.
A duplicate topic has been deleted-MG