Event Problem


Frog

Windows XP Pro Sp3

I have something going on here that is beyond my limited technical
skills to understand. Thus, I will attempt to describe what I am seeing
and hope somebody can make some sense out of what I am seeing.


Listed under Event Viewer, I found the following:
System (The same entry has appeared numerous times)
Listed with a yellow triangle with a ! in the triangle.
Type...Date...Time...Source...Category...Event...User...Computer
Warning...5/8/2009...3:55:05 PM...WinDefend...None...3004...N/A...Frog-ADF6F864
Description: Windows Defender Real-Time Protection agent has detected
changes. Microsoft recommends you analyze the software that made these
changes for potential risks. You can use information about how these
programs operate to choose whether to allow them to run or remove them
from your computer. Allow changes only if you trust the program or the
software publisher. Windows Defender can't undo changes that you allow.


Seeing this information in Event Viewer, I next made a visit to the
History information in Windows Defender. There I found the following
(an entry was included for every item I found in the Event Viewer):
Program and actions:
Name…Alert level…Action Taken …Date…Status
Unknown…Unknown…Permit…5/8/2009 3:55 PM…Succeeded
Description:
This program has potentially unwanted behavior.
Advice:
Permit this detected item only if you trust the program or the software
publisher.
Resources:
firewallport:
HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1695:UDP
Category:
Not Yet Classified


When I visit the registry location identified above, I find the
following on the right side of the window:
Name…Type…Data
(Default)…REG_SZ…(value not set)


My next visit was to Windows Firewall – Exceptions Tab
Programs and Services:
Checked – Call of Duty® 4 – Modern Warfare ™
Not Checked – File and Printer Sharing
Checked – Network Diagnostics for Windows XP
Checked – PnkBstrA
Checked – PnkBstrB
Checked – Remote Assistance
Not Checked – Remote Desktop
Not Checked – UpnP Framework
Checked - WinDVD

Can anybody help me understand what all of this means? I don’t know
what program is responsible for causing this activity to occur. Help!

Note: I recently thought I had some sort of virus or malware present on
my system. Well, after many attempts to follow the
instructions passed my way on this group, I decided to reinstall a
backup that was made on April 15, 2009. The problem, however, continues
as stated above. Other than showing up in the locations identified
above, my system seems to be performing as usual.

Thanks in advance for any help or guidance sent my way on this subject.

Frog

P.S. Please let me know if there is some other information you require
before you can help me decipher this problem.
 

Peter Foldes

Chris you are a mental case. You have no idea what you are doing and unfortunately
it shows



--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.
 

PA Bear [MS MVP]

Another pcbuttHO1E spoof:

From: "PA Bear [MS MVP]" <[email protected]> [<=wrong!]
Newsgroups: microsoft.public.windowsxp.general
References: <[email protected]>
In-Reply-To: <[email protected]>
Subject: Re: Event Problem
Lines: 82
MIME-Version: 1.0
Content-Type: text/plain;
format=flowed;
charset="Windows-1252";
reply-type=response
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Windows Mail 6.0.6001.18000 [<=wrong!]
X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6001.18049
X-Antivirus: avast! (VPS 090508-0, 05/08/2009), Outbound message
X-Antivirus-Status: Clean [<=scan an outgoing message? WRONG!]
Message-ID: <[email protected]>
X-Complaints-To: (e-mail address removed) [<=wrong!]
NNTP-Posting-Date: Sat, 09 May 2009 03:06:50 UTC
Organization: TeraNews.com
Date: Fri, 8 May 2009 20:06:48 -0700
Bytes: 4351
Path:
TK2MSFTNGP01.phx.gbl!TK2MSFTFEEDS01.phx.gbl!newsfeed00.sul.t-online.de!t-online.de!border2.nntp.dca.giganews.com!nntp.giganews.com!novia!nx02.iad01.newshosting.com!newshosting.com!69.16.185.21.MISMATCH!npeer03.iad.highwinds-media.com!news.highwinds-media.com!feed-me.highwinds-media.com!post02.iad.highwinds-media.com!newsfe13.iad.POSTED!4b08191c!not-for-mail
Xref: TK2MSFTNGP01.phx.gbl microsoft.public.windowsxp.general:1962587

Compare the above to the headers of this post.
--
~Robear Dyer
MS MVP-IE, Mail, Security, Windows Client
https://mvp.support.microsoft.com/default.aspx/profile/robear.dyer

No you need to format your hard drive and reinstall windows.
<snip>
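
The header comparison PA Bear asks readers to make, as an added example that is not part of any post in this thread: it diffs a suspect post against a known-good baseline carrying the same display name. All header values are constructed placeholders, and `CHECKED`, `origin` and `compare` are names chosen for this sketch.

```python
from email import message_from_string
from email.utils import parseaddr

# Fields the post above marks "[<=wrong!]", plus Organization (names the provider).
CHECKED = ("X-Newsreader", "X-Complaints-To", "Organization")

# Constructed headers (placeholders, not values from the thread).
KNOWN_GOOD = """\
From: "Example Poster [MVP]" <poster@example.invalid>
X-Newsreader: ExampleReader 1.0
Organization: example-isp.invalid
X-Complaints-To: abuse@example-isp.invalid
Path: reader.example.invalid!transit.example.net!post.example-isp.invalid!not-for-mail

"""
SUSPECT = """\
From: "Example Poster [MVP]" <someone@other.invalid>
X-Newsreader: OtherReader 6.0
Organization: other-provider.invalid
X-Complaints-To: abuse@other-provider.invalid
Path: reader.example.invalid!transit.example.net!post.other-provider.invalid!not-for-mail

"""

def origin(path):
    """Each relay prepends its name, so the posting site is the rightmost real entry."""
    hops = [h for h in "".join(path.split()).split("!") if h and h != "not-for-mail"]
    return hops[-1] if hops else ""

def compare(baseline, suspect):
    """Return the header differences between a known-good post and a suspect one."""
    good, bad = message_from_string(baseline), message_from_string(suspect)
    g_name, g_addr = parseaddr(good["From"] or "")
    b_name, b_addr = parseaddr(bad["From"] or "")
    diffs = [f for f in CHECKED if (good[f] or "").strip() != (bad[f] or "").strip()]
    if origin(good["Path"] or "") != origin(bad["Path"] or ""):
        diffs.append("Path origin")
    return {
        # Same display name over a different address is the impersonation pattern.
        "name_reused": g_name == b_name and g_addr.lower() != b_addr.lower(),
        "differs": diffs,
    }
```

A mismatch is evidence of a different sender; a match proves nothing, since From and X-Newsreader are whatever the posting client sends.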
 

Gerry

Peter

I think your second comment is wrong. He just has a very twisted sense
of fun. He enjoys manipulating others. He knows exactly what he is
doing.

--


Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 

Gerry

Frog

Windows Defender monitors registry changes in real time. You will see a
lot which are "Not Yet Classified". It places the user in a very
difficult position because many / most users do not instantly understand
the significance of the proposed change. If you are downloading and
installing a new application then you are forced to allow changes if you
want to install. Be more wary if they occur when you are not installing
or deliberately changing settings. These suggestions are not ideal
because malware can hitch a ride with a genuine download and it is
difficult to detect these invasions. You need to learn to judge whether
a site is "dodgy".

Your security software can include sensors which advise whether a site
is "risky". Thus my AVG Free Anti-Virus comments on some sites I visit.
Internet Explorer 8 also has this type of feature.

Investigating what you have allowed will generally blow your mind. Only
do it if you sense something is wrong.


--


Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 

Leythos

I think your second comment is wrong. He just has a very twisted sense
of fun. He enjoys manipulating others. He knows exactly what he is
doing.

It moved way beyond the possibility of "fun" many years ago - this
tactic of impersonating members of the groups and then giving malicious
advice or posting pornographic links in their name, is well documented
as his favorite tactic.

If the person was just having FUN they would give their impersonation
away in a manner that noobs could understand - as in poking fun at, but,
as you've seen butts is giving malicious advice while impersonating
others - hardly just in fun.
 

Gerry

I said "very twisted sense of fun". What is fun to him is not perceived
as fun to more conventional people. Butt lives in a different world to
more normal folk.

--


Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 

The Real Truth [MS MVP]

http://pcbutts1.com/downloads/ngtrolls.htm

--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste
your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.




 

Gerry

MS MVP imposter

Look in the mirror! I suspect that most, if not all, of those you name
in your link would agree that you fit your definition of a troll
admirably.


--


Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 

Frog

Gerry,

Thanks for your response...I think your message was the only one in this
thread that attempted to answer my message.
Frog

Windows Defender monitors registry changes in real time. You will see a
lot which are "Not Yet Classified".

What does "Not Yet Classified" mean? I have a feeling that it is
referring to a software application. If so, is there a way of
determining what software on a computer is "Not Yet Classified", and
might that lead me to the cause of the entries in the Event Log?

It places the user in a very
difficult position because many / most users do not instantly understand
the significance of the proposed change. If you are downloading and
installing a new application then you are forced to allow changes if you
want to install. Be more wary if they occur when you are not installing
or deliberately changing settings. These suggestions are not ideal
because malware can hitch a ride with a genuine download and it is
difficult to detect these invasions. You need to learn to judge whether
a site is "dodgy".

Your security software can include sensors which advise whether a site
is "risky". Thus my AVG Free Anti-Virus comments on some sites I visit.
Internet Explorer 8 also has this type of feature.

Investigating what you have allowed will generally blow your mind. Only
do it if you sense something is wrong.

Well, as I stated in my earlier message, my computer seems to be running
normally. I got concerned when I found the yellow triangles with an
! mark in it in the Event Log. I do perform an extensive cleanup of my
system on a regular basis, and I rarely add software (other than Windows
updates) to my system. Thus, I am stumped as to where this Event Log
entry came from.

Lastly, a Windows Firewall question---In my original message in this
thread I included the following:

My next visit was to Windows Firewall – Exceptions Tab
Programs and Services:
Checked – Call of Duty® 4 – Modern Warfare ™
Not Checked – File and Printer Sharing
Checked – Network Diagnostics for Windows XP
Checked – PnkBstrA
Checked – PnkBstrB
Checked – Remote Assistance
Not Checked – Remote Desktop
Not Checked – UpnP Framework
Checked - WinDVD

What is likely to happen if I remove the check marks from all of the
entries in this list? Or what problems would possibly occur if I
restored all Windows Firewall settings to a default state?

I would appreciate any help sent my way on any of the above questions.

Frog
 

Gerry

Frog

You can't select a default action for software with a severe alert
rating or for software that has not yet been classified for potential
risks to your privacy or your computer. Windows Defender automatically
removes or alerts you to remove software with a severe alert rating. If
software has not yet been classified, you must review information about
the software, and then choose an action.

Not yet classified means what it says. No decision has been made as to
how the software is to be rated.

UDP is mainly used for streaming audio and video, voice over IP (VoIP)
and videoconferencing, because there is no time to retransmit erroneous
or dropped packets.
http://www.corruptedfilerepair.com/Ports/Port-Type-tcpudp-rrilwm-1695.asp

This link gives information about Windows Defender newsgroups
http://www.microsoft.com/windows/products/winfamily/defender/support.mspx


--


Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
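
Added example, not part of any post in this thread: a triage of the `firewallport:` resource Frog quoted against the current contents of the `GloballyOpenPorts\List` key. The `reg query`-style listing is constructed sample data and the function names are hypothetical; the `port:protocol:scope:state:label` layout is how XP's Windows Firewall stores these values.

```python
import re

# Resource string exactly as Windows Defender History showed it in the post.
RESOURCE = (r"HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters"
            r"\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1695:UDP")

# Constructed `reg query`-style listing for that List key (not from the thread).
# Each opening is stored as  name = port:protocol:scope:state:label.
SAMPLE_LIST = r"""
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
    3389:TCP    REG_SZ    3389:TCP:*:Disabled:Remote Desktop
    1900:UDP    REG_SZ    1900:UDP:LocalSubNet:Disabled:UPnP Framework
    1695:UDP    REG_SZ    1695:UDP:*:Enabled:Example game port
"""

def parse_resource(resource):
    """Split a Defender firewallport resource into (key, port, protocol)."""
    key, _, value_name = resource.rpartition("\\\\")
    port, proto = value_name.split(":")
    return key, int(port), proto.upper()

def parse_open_ports(reg_text):
    """Return {value_name: entry} for every port value in the listing."""
    entries = {}
    for m in re.finditer(r"^\s+(\d+:\w+)\s+REG_SZ\s+(.+)$", reg_text, re.M):
        port, proto, scope, state, label = m.group(2).strip().split(":", 4)
        entries[m.group(1).upper()] = {
            "port": int(port), "proto": proto.upper(), "scope": scope,
            "enabled": state.lower() == "enabled", "label": label,
        }
    return entries

def triage(resource, reg_text):
    """Classify the port Defender reported against the current List contents."""
    _, port, proto = parse_resource(resource)
    entry = parse_open_ports(reg_text).get(f"{port}:{proto}")
    if entry is None:
        return "absent"  # no such value in the key now, which is what Frog found
    if not entry["enabled"]:
        return "present-disabled"
    # Scope "*" accepts traffic from any address; LocalSubNet is narrower.
    return "open-any-source" if entry["scope"] == "*" else "open-restricted"
```

An "absent" result means the exception is no longer configured; the `label` field of a present entry is the quickest pointer to the program that added it.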
 
