My system runs for about 10-20 min then essentially locks up (some items not responding and some responding very slowly) and the menu bar at the bottom of the screen would disappear or turn white. Another symptem was that when selecting start->run the list of previous commands was blank.
I am running F-Secure anti-virus. I have also ran full scans using Malwarebytes, SuperAntiSpyware, and ESET Online Scanner (http://www.eset.eu/eset-online-scanner) until they gave a cleam bill of health with no effect.
Looking at System Log in Event Viewer showed an Event ID 4226. Below it the informaion on the event ID from Microsoft.
Product: Windows Operating System
Symbolic Name: EVENT_TCPIP_TCP_CONNECT_LIMIT_REACHED
Message: TCP/IP has reached the security limit imposed on the number of concurrent (incomplete) TCP connect attempts.
The TCP/IP stack in Windows XP with Service Pack 2 (SP2) installed limits the number of concurrent, incomplete outbound TCP connection attempts. When the limit is reached, subsequent connection attempts are put in a queue and resolved at a fixed rate so that there are only a limited number of connections in the incomplete state. During normal operation, when programs are connecting to available hosts at valid IP addresses, no limit is imposed on the number of connections in the incomplete state. When the number of incomplete connections exceeds the limit, for example, as a result of programs connecting to IP addresses that are not valid, connection-rate limitations are invoked, and this event is logged.
Establishing connection–rate limitations helps to limit the speed at which malicious programs, such as viruses and worms, spread to uninfected computers. Malicious programs often attempt to reach uninfected computers by opening simultaneous connections to random IP addresses. Most of these random addresses result in failed connections, so a burst of such activity on a computer is a signal that it may have been infected by a malicious program.
Connection-rate limitations may cause certain security tools, such as port scanners, to run more slowly.
This event is a warning that a malicious program or a virus might be running on the system. To troubleshoot the issue, find the program that is responsible for the failing connection attempts and, if the program might be malicious, close the program as follows.
To close the program
1. At the command prompt, type
2. Find the process with a large number of open connections that are not yet established.
These connections are indicated by the TCP state SYN_SENT in the State column of the Active Connections information.
3. Note the process identification number (PID) of the process in the PID column.
4. Press CTRL+ALT+DELETE and then click Task Manager.
5. On the Processes tab, select the processes with the matching PID, and then click End Process.
If you need to select the option to view the PID for processes, on the View menu, click Select Columns, select the PID (Process Identifier) check box, and then click OK.
Currently there are no Microsoft Knowledge Base articles available for this specific error or event message. For information about other support options you can use to find answers online, see http://support.micro...om/default.aspx.
I followed the instrucions above and a few minutes after booing I was able to identify a process that was acting as described above. The process was scvhost.exe. Using Process Explorer from www.sysinternals.com I was able to get additional information that the command line for the process was 'C:\WINDOWS\System32\svchost.exe -k netsvcs'. The offending svchost process will show an incrascing amount of memory usage.
I killed the process but within a few minutes a new version of 'C:\WINDOWS\System32\svchost.exe -k netsvcs' would start and start making connections. I did this several times but a new 'C:\WINDOWS\System32\svchost.exe -k netsvcs' would always start witing a few minutes.
An additional if I start the system in 'safe mode' it does not hang but 'safe mode with networking' has the same problem.
If I continually kill the offending svchost process the system appears to work fine however if I let it run of any length of time the process will consume more and more memory until the system locks up.