With the help of this site I recently managed to remove some Adware Hijacker malware. Being more careful I now check my Event List daily. It looks clean except an Event Code 4226 "TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts". I understand that this might indicate a bad process that is trying tcp/ip addresses rapidly at random and so Windows has limited the number of attempts to 10 (per second?).
Neither Avast or Malwarebytes or AdwCleaner detected any problems.
The strange thing is that I get the Event Error every 24 hours and 8 minutes!!
Attached is what is displayed in the Command window 10 seconds before and 10 seconds after the event.
The difference between before and after is that PID 0 (shown as 'System Idle Process' in Windows Task Manager) has several TIME_WAITs to:
- Loopback to local host 127.0.0.1 port 12110
- 18.104.22.168:80 twice
- 22.214.171.124&233 port 110
- 126.96.36.199:443 - similar address to PID 1796 which is AvastSvc.exe
As you can see there are no Syn_SENT statuses which MS say are associated with this problem.
Can anyone throw any light on this?