I use an assembled desktop with a 1.5 Tb Western Digital hard drive, Intel Core i3 3.2 GHz processor and 4 Gb RAM running Windows XP SP3.
Antivirus and anti-spyware: Symantec Endpoint Protection 11; Spybot Search and Destroy; ZoneAlarm Free Firewall; Microsoft Security Essentials.
I used to have Ad-Aware Free ver. 9 and in mid January 2013 it identified the tcpip.sys file as being infected with a trojan which it called Win32.Trojan.Agent. I scanned the file with VirusTotal where 5/46 programmes identified a Trojan:
2. I replaced the system image with an earlier version but the VirusTotal result was identical. Thereafter I replaced tcpip.sys from a Windows XP CD and scanned again with VirusTotal. The Hacker identified it as Trojan/Spy.Zbot.yw. Earlier it had identified tcpip.sys as Trojan/Spy.Zbot.jf. The four other programmes which had positives earlier, viz. eSafe, Ikarus, nProtect, TrendMicro-Housecall, found nothing. Virusscan.Jotti found nothing. However, The Hacker in Virscan.org found Trojan/Spy.Zbot.yw just as it had in VirusTotal.
3. I used online/downloadable scanners from TrendMicro-Housecall, nProtect, ESET Smart Security, F-Secure, Microsoft Safety Scanner and Kaspersky without a positive finding. I uploaded tcpip.sys to the virus analysis centres of Fortinet, Kaspersky and Avira, all without a positive finding for malicious code.
As I found Ver. 10 of Ad-Aware intrusive, I did not install it again to check tcpip.sys. I am coming around to the view that The Hacker found a false positive. Yet, as Trojan/Spy.Zbot.yw is dangerous, I would like additional confirmation and await your advice.