Win(XP) Operating System blocked - Inet not working

hi ,
i’m quite new in the forum but i’m relative used to commodo. i found a topic in this forum that was quite simmilar to my problem, but hasn’t any suggestions to fix the problem, so i opened a new one.

so my problem is, that since today, cmd blocks my “windows operating system” at several ports and listings. i can surf @ low speed, but downloading or uploading is impossible, cause after a few minutes, my inet just goes down.
i’m no expert in that case, but it just looks like lots of inet ips are blocked.
i added an image of my firewall events:

http://img9.imageshack.us/img9/1144/commodobugging.jpg

i didn’t really change anything in commodo , the only thing related to my inet, is that i deleted some cookies and temporary inet files yesterday.

i have win xp installed, use commodo for about 3 years now, and till today never had any problem of any kind with commodo.
thx for your help

Hi mongoflasher, welcome to the forums.

What are the port numbers involved? They look big. I cannot make them out in your picture. Can you post a close up so we can see more detail please? Since they’re all WOS blocked UDPs, from the Source IP to the Date would be good. Thanks.

yes sure, though the picture will be shown as a link.
well here is the pic link: http://img9.imageshack.us/img9/1144/commodobugging.jpg

Since you’ve ran for 3 years without seeing these before, it is possible a process that was previously running and handling these connections is no longer present. Thus the Windows Operating System blocks. So, possibly you should be looking at the Event logs for application errors or missing processes. However, on the flip side, what is UDP 57373? I’m not sure and naturally, I find it deeply suspicious. ;D Have you had any AV detections recently? Anything in the logs (any/all logs)? Run any clean up programs recently? Who’s your ISP? Any change on the ISP side recently? Been doing any remote desktop’ing or like connections? SQL?

PS Sorry for the barrage of questions. :slight_smile:

Been using OpenVPN (or something like it) recently?

my inet is now completly down, can’t even get access to other pc in my network.
well, to answer the questions, im in a big network in a student home, but my roommate has no problems with his inet, so i guess cmd is the evil blocker.
i searched through my event logs, but couldn’t find anything usefull. almost all dates are before the operating system blocking. the operating system is blocked since today, there was only one recent virus warning (while installing “runes of magic”, an online rpg, one of the downloaded files was shown to be a thread, so i irgnored it once while installing, there was no warning about it since), svchost.exe was blocked today, after operating system was blocked, but i redefined svchost.exe in cmd and i guess it was due to the operating block.
i didn’t use any cleaning software, but i cleaned out all cookies, temp and temporary inet files.
my inet provider seems to be fine, i didn’t do any remotedesktop’ing or such, i have absolutely no clue what the udp 57373 could be, don’t really know what sql is and also am not sure what openvpn is…
edit: i looked through my firewall log again and noticed that a single ip (10.10.5.46) from my network was shown numerous times, trying to connect to my pc. i share some movie files in the network, could it be, that by connecting to my computer or causing a problem doing so,the connecting computer caused comodo to block my operating system?? should i block this ip or something??

Student LAN? I’m sorry. Ok, well… 10.10.5.46 is still knocking on the door, so to speak. And given that all the other connections attempts are all using the same destination port number, I suspect that this is some sort of super amazing multi-user educational application or something… or it could be a game? :)… that you’re currently not running.

In any event, given that you’re on a open student LAN (ie. the second most dangerous cyber zone on the planet) :wink: … should you really be sharing with all the other LAN members? Assuming you have static LAN IP addresses (ie. they don’t change) I would recommend, at least, limiting it to your trusted friends systems.
[i]
PS Please post a picture of your Global Rules and My Network Zones, thanks.

edit[/i]

i’m sorry, my english is not the best (i’m german),so i propably didn’t make myself clear. i live in a student home and all pc’s here are in one big network, using all the same router and so yes, i got a static ip. but my shared files, for example the videos. are only free to watch, but not to change.
none the less, could it be that cmd blocks my operating system cause there is still some connection from that ip ? why is the destination port always the same ?

My apologies. I think we understand each other… but, just to be sure.

If a running process using port 53737 is stopped, then it is likely that the other users will continue to try and use that port. However, since no process has that port open they will bounce off the Windows Operation System and be ignored. Ok?

Bad German translation…

Ich denke, dass wir einander .. verstehen aber, gerade sicher zu sein. Wenn ein Führen-Prozess-Verwenden-Hafen 53737 angehalten wird, dann ist es wahrscheinlich, dass die anderen Benutzer fortsetzen werden, abzuurteilen und diesen Hafen zu verwenden. Jedoch, da kein Prozess diesen Hafen offen hat, werden sie vom Windows-Operationssystem springen und ignoriert.
Ok? ;D

Guten Abend. Ich spreche Deutsch und komme aus die Niederlande.

I think your English is fine. How do you share your movies on the local network? Do you use a separate program to share? Or did you set certain folders as shared in Windows?

i can surf [at] low speed, but downloading or uploading is impossible, cause after a few minutes, my inet just goes down.
This sounds like one or more persons at your LAN may be running peer to peer clients that are not set up properly.....

Because you have traffic from the web coming in on port 53757 through your router there must be an open port. May be Universal Plug and Play (uPnP) was used to open the port. The router needs to be set to allow opening and closing of ports by uPnP by users.

You can try UPNP Port Mapper 1.0 to see if there is an open port on the router and close it. (I just recently found this tool and I tried it on Win 7 but it would not work there. But it should work on 2000,XP and Vista).

thanks a lot for your instant help. i will imform our inet admin and see what i can do.

sorry for the doppel post, but i have some new problem and think its related to my operating system , so i just decided to continue this thread :wink:
well my computer worked well after i changed some cmd settings for the operating system. our inet admin is temporary not available, but it seems like the traffic from other computers in my network stopped anyways.
but since about 3 days, if my computer runs a little longer, my w32 network host quits working. i get an error message explaining that the prozess stopps, my network connection is cut off and quite weird but propably related , my sound stops working. winamp for instant shows me an error message like bad sound driver.
so far i had this problem about 5 times total, but its getting freaking annoying.

thx for your help in advance!

What version of CIS are you running? Do you have have long periods (think hours and hours) where you run a peer to peer client, an online stream or anything else that uses the internet continuously?

What do you mean with “my w32 network host quits working.”? I am not sure if I know what you are referring to. Can you post a screenshot of the error mesaage it gives?
Can you also show a screenshot with the Winamp error message?

i have cis version 3.11.108364.552. i usually don’t use any peer to peer client, some times i use torrent (azureus) but it has been a while. i often have firefox running and downloading some series per dll.
the error message about w32 seems to come randomly, but next time it occurs i’ll screen and post it.
same with the sound error.

*edit:the error occured again. i made two screenshots, one of the w32 error with details and one of the winamp error that follows, if the first one happens.
hope u can help me, thx in advance.
http://img210.imageshack.us/img210/9994/w32bug.jpg
http://img340.imageshack.us/img340/7109/winampsoundbug.jpg

it happend again today, a few minutes ago. this time winamp was running while the win32 service went down and winamp was fine. no sound problems or anything. i guess the error in winamp occured if winamp wants to connect to the inet and can’t. my main problem still remains though…

I see now what you meant with the error reported. I also see you are using a pre SP3 version of Windows XP. Your version number of svchost.exe is 5.1.2600.2180. The version number of my svchost.exe on XP SP3 reads 5.1.2600.5512. What Service Pack does your installation have? Notice that CIS supports XP from SP2 and up.

This is an error of an important Windows system file. Best way of getting rid of this one is to install SP3. As for the Winamp error it complains about the Direct Sound driver from Direct X. Please update Direct X to the latest version and see if that helps. You can get it here: Download DirectX 9.29.1974.1 for Windows - Filehippo.com .

alright, i updated my driver and have now xp sp3 installed. hopefully everything is back to normal =)
thx a lot for your help. ;D

Let us know in a couple of days if it worked out.

hi again,
i installed SP3 and i had no problems since then . i also found the reason for the problem that caused the operating system blocking (i somehow put a video file from a network resource in my student network on torrent as my shared files ).
but then, the problem with the svchost.exe suddenly occurd again some minutes ago.
i got curious and looked into my task manager and there are 5 svchost.exe files running…i’m not sure if thats right…and in cmd firewall active connections is also a entry about svchost connecting to some outgoing udp…i made a screenshot and cut out the cmd active connections and the task manager entries.
http://img11.imageshack.us/img11/7200/svchostbug.jpg
should it be this way or could it be i got some sort of a svchohst file that connects out and disturbs my whole network ?

It is perfectly normal to have multiple instance of svchost.exe running. On Vista or Win 7 you will see more. On my Win 7 I have 12 instances currently running.

Do you mean svchost.exe crashed again?