We used to receive ip directed popup windows mass messages. I blocked 135,137-39, 445 ports and they stopped. Now they have started to come again.
Check your Windoze boxes, you'll see they are listening on one or more ports in the TCP/1024 - TCP/1027 range as well. These ports can also be used to send pop-ups.
As a side note however, it sounds like you are trying to block what you are worried about and let everything else through, rather than only letting through what you need and blocking everything else. If you had taken the latter stance with your perimeter, this would be a mute issue as you would not have the ports open anyway.
Just my $.02, C
