prawn
Private
Joined: May 13, 2006 Posts: 41 Location: rotherham, south yorkshire, UK.
Posted: Thu Jul 20, 2006 4:58 am Post subject: spy sweeper log :- possible root kit
HELLO to all.
After I run a full scan using Spy Sweeper I get the results, and this is the log:
04:09: | Start of Session, 20 July 2006 |
04:09: Spy Sweeper started
04:09: Sweep initiated using definitions version 721
04:09: Starting Memory Sweep
04:16: Memory Sweep Complete, Elapsed Time: 00:06:50
04:16: Starting Registry Sweep
04:17: Registry Sweep Complete, Elapsed Time:00:00:59
04:17: Starting Cookie Sweep
04:17: Cookie Sweep Complete, Elapsed Time: 00:00:00
04:17: Starting File Sweep
05:02: Found System Monitor: potentially rootkit-masked files
05:02: 6729bbf9-d54c-48cb-a4d7-ad400339d808.dat (ID = 0)
05:02: 6729bbf9-d54c-48cb-a4d7-ad400339d808.dat (ID = 0)
05:04: File Sweep Complete, Elapsed Time: 00:47:09
05:04: Full Sweep has completed. Elapsed time 00:55:07
05:04: Traces Found: 2
05:09: Your spyware definitions have been updated.
After I try to remove the potentially rootkit-masked files I get the message that some traces can only be removed after I restart my PC.
When I do this it is still found again when I run a new scan.
Any help would be great. (I am a novice at this.)
MANY thanks, prawn.
I was browsing the forum and came across ribinin's post (Webroot detected but didn't remove); it looks very much like the same problem as mine.
I have IE7 installed as well.
Thanks, prawn
AbuIbrahim
Security Expert Special Response Team
Joined: Jan 18, 2006 Posts: 1930
Posted: Thu Jul 20, 2006 10:00 am
These two .dat files are false positives. The Spy Sweeper log file shows no indication of a rootkit.
The .dat files belong to the antiphishing feature that is part of IE7.
You may try clearing your temporary internet files and see if that helps.
prawn
Private
Joined: May 13, 2006 Posts: 41 Location: rotherham, south yorkshire, UK.
Posted: Fri Jul 21, 2006 5:03 am Post subject: possible rootkit
Good Morning AbuIbrahim.
Thanks for your time in helping me. I have cleaned my temp files using the new feature in IE7 and using ATF Cleaner, so that should help.
One question: can I learn anywhere about these false positives? Really, I would like to read up and have a better idea about the problem.
MANY thanks,
prawn.
AbuIbrahim
Security Expert Special Response Team
Joined: Jan 18, 2006 Posts: 1930
Posted: Fri Jul 21, 2006 2:41 pm
Hello prawn,
Actually an almost exact question was posted a week ago. Please see: /t161766-Webroot_detected_but_didnt_remove.html
Personally, the best place to learn about false positives is from www.google.com
So in the future, if you do find something doubtful, you can search for it to determine whether it is safe or not.
For an example in our case, we found a potentially rootkit-masked file: 6729bbf9-d54c-48cb-a4d7-ad400339d808.dat
By googling the .dat file and skimming through the results you will find out that it all leads to the following path:
%userprofile%\Local Settings\Temporary Internet Files\AntiPhishing\6729BBF9-D54C-48CB-A4D7-AD400339D808.dat
The next step: google the AntiPhishing folder, and you will find that the results indicate it belongs to IE7, and that's what you have. However, as a person like me who has never seen IE7 and what it has, I would do another Google search for IE7 along with antiphishing, and from there I would learn that it is an integrated add-in. You can also add the keyword 'hidden' in Google and find that IE7 hides the AntiPhishing folder along with its contents.
I hope this helps.
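The triage AbuIbrahim walks through above (take the flagged name from the Spy Sweeper log, establish where the file actually lives, and only then decide whether it is the known IE7 AntiPhishing cache or something that still needs a look) can be written down as a small checklist script. The following is an added Python example and not code from this thread or from Webroot: it parses the log format quoted in the first post, collapses the duplicated trace line, checks that the per-category traces add up to the "Traces Found" total, and applies the one rule the thread establishes. The sample log is constructed from the one posted; the on-disk location is an assumption that the reader supplies after locating the file (the Windows XP path in the thread is the only layout the script knows), so a trace with no known location is always reported for review.

```python
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Constructed sample log, modelled on the Spy Sweeper output quoted in the thread.
SAMPLE_LOG = """\
04:09: | Start of Session, 20 July 2006 |
04:09: Spy Sweeper started
04:09: Sweep initiated using definitions version 721
04:17: Starting File Sweep
05:02: Found System Monitor: potentially rootkit-masked files
05:02: 6729bbf9-d54c-48cb-a4d7-ad400339d808.dat (ID = 0)
05:02: 6729bbf9-d54c-48cb-a4d7-ad400339d808.dat (ID = 0)
05:04: File Sweep Complete, Elapsed Time: 00:47:09
05:04: Full Sweep has completed. Elapsed time 00:55:07
05:04: Traces Found: 2
"""

# Every log line is "HH:MM: message".
LINE_RE = re.compile(r"^(\d{2}:\d{2}): (.*)$")
# "Found <category>: <description>" opens a group of trace lines.
FOUND_RE = re.compile(r"^Found (?P<category>[^:]+): (?P<desc>.*)$")
# Each trace line is "<name> (ID = <n>)".
TRACE_RE = re.compile(r"^(?P<name>.+?) \(ID = (?P<id>\d+)\)$")
TOTAL_RE = re.compile(r"^Traces Found: (\d+)$")
# IE7 AntiPhishing cache files are named <GUID>.dat, as in the thread.
GUID_DAT_RE = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\.dat$",
    re.IGNORECASE,
)
# Folder the thread traces the file to, relative to %userprofile%
# (assumption: the Windows XP layout quoted in the thread, nothing else).
ANTIPHISHING_DIR = ("local settings", "temporary internet files", "antiphishing")


@dataclass
class Finding:
    category: str
    description: str
    traces: list = field(default_factory=list)  # (name, id) pairs in log order


def parse_log(text):
    """Return (findings, reported_total) from one Spy Sweeper session log."""
    findings, current, reported = [], None, None
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m.group(2)
        if (f := FOUND_RE.match(msg)):
            current = Finding(f.group("category"), f.group("desc"))
            findings.append(current)
        elif (t := TRACE_RE.match(msg)) and current is not None:
            current.traces.append((t.group("name"), int(t.group("id"))))
        else:
            current = None  # any other line closes the open "Found" group
            if (n := TOTAL_RE.match(msg)):
                reported = int(n.group(1))
    return findings, reported


def classify(trace_name, located_at=None):
    """The thread's rule: a <GUID>.dat that really sits in the IE7 AntiPhishing
    cache is the known false positive; anything else (including a file whose
    location is unknown) needs a human look."""
    if located_at is None or not GUID_DAT_RE.match(trace_name):
        return "needs_review"
    p = PureWindowsPath(located_at)
    in_cache = tuple(s.casefold() for s in p.parent.parts[-3:]) == ANTIPHISHING_DIR
    same_file = p.name.casefold() == trace_name.casefold()
    return "known_benign" if in_cache and same_file else "needs_review"


def triage(text, locations):
    """locations maps trace name -> full path where the file was found on disk.
    Returns ({trace_name: verdict}, count_matches) with duplicate traces collapsed."""
    findings, reported = parse_log(text)
    verdicts = {}
    for f in findings:
        for name, _ in f.traces:
            verdicts.setdefault(name, classify(name, locations.get(name)))
    counted = sum(len(f.traces) for f in findings)
    return verdicts, reported == counted


if __name__ == "__main__":
    # Constructed location: where the thread says IE7 keeps this file on XP.
    loc = {
        "6729bbf9-d54c-48cb-a4d7-ad400339d808.dat":
        r"C:\Documents and Settings\prawn\Local Settings\Temporary Internet Files"
        r"\AntiPhishing\6729BBF9-D54C-48CB-A4D7-AD400339D808.dat"
    }
    verdicts, count_ok = triage(SAMPLE_LOG, loc)
    for name, verdict in verdicts.items():
        print(f"{name}: {verdict}")
    print("trace count matches log total:", count_ok)
```

The point of the `located_at` argument is the one the expert makes: the log alone names a file, and a GUID-style name is not evidence either way, so the verdict depends on where the file was actually found. The same name sitting anywhere outside the AntiPhishing cache comes back as "needs_review".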