Those windows system message pop ups use port 127 (NetBios). My guess is some script kiddy is scanning a block of IPs for a compromised machine, unless you are getting repeated traffic. They usually only scan once or twice, so if you're getting hit more than that, then someone has got it in for you.