The problem has just started within the last month or two. Three things during that period come to mind as perhaps bearing on the problem:

1. I downloaded the latest update to ZoneAlarm Internet Security Suite (ZAISS).

2. I used Microsoft (MS) Update for the first time (previously used Windows Update), then followed instructions and my own instincts to remove the "evil updates": Windows Genuine Advantage (WGA) Validation and Notification Tools, collectively known as Windows Genuine Spyware.

3. After the two actions above, I began receiving alerts from ZAISS that Generic Windows Service (svchost) is requesting access to the Internet...for IP addresses, port 135; 22x.x.x.x (e.g.,, 6x.x.x.x,, and maybe some others. The first request usually happens early, sometimes before I even open access to the Internet, and mostly only once. The others tend to happen when I start a browse to a site with ads. When I click for details and choose the tab for hacker info, the site identified by whois is always on the east quadrant of the north coast of Australia.

I strongly suspect that I've been compromised somehow, but none of my anti-malware products can find anything.

I have started collecting information as it becomes relevant, but I'm just starting to do so.

Does anyone have information on this issue? What additional data, including attributes of my system, should I collect?

Operating System:Windows XP Pro
Software Version:8.0
Product Name:ZoneAlarm Internet Security Suite