I have been using Spybot S&D for a number of years now...great product! I also have CA AntiSPyware on my computer. Every Wednesday when I download the new updates and immunize I always get a reading from my CA AntiSpyware that I have a downloader called koolynoody. Does anybody else experience this? I download from BNS file forum mirror. The CA AntiSpware is free from my cable company. Also I am in the process of making a new Administrator account...so currently I have 2 Admin. Accts and will delete the other one when I am done. On the advanced mode on Spybot S&D it is showing two tea timers...one for each Admin. Acct. Is this normal? Should there be 2 tea timers or only one?

Sorry...I forgot to say on the advanced mode in Spybot S&D...on the startup I see 2 tea timers instead of only one.

If the reading from ca antispyware only happens when you immunize Spybot,it is most likely a false positive.Does ca sntispyware show the location of it??It may look something like this:
hkey_current_user\software\microsoft\windows\currentversion\internet settings\zonemap\domains\koolynoody.net

Spybot shows Teatimer twice in System Startup when both me and the other account are logged on,but not when we're not both logged on.Are both accounts logged on when you see teatimer listed twice in startup?

Sorry I didn’t get back to you earlier. Right now I am using a limited account with only 1 instance of this koolynoody. On the Admin. Acct. it shows 7 different. The one on the limited acct. reads hkey_current_user\software\microsoft\windows\current version\internet settings\zonemap\domains\koolynoody.net
Do you need to know the other 6? And no, I was not logged on to both Admin. Accounts and it read 2 tea timers.
Another scary thing was that I ran the runalyzer from your site while I was online and it said that I had over 4,000 hidden processes!! I was so surprised I almost spit my Red Bull on the computer screen! I tried to save the file but I accidentally turned it off. I ran it again and it said there were no hidden processes!?!

you did google koolynoody

here is a link at Wilders

http://www.wilderssecurity.com/showthread.php?t=214536

Lol,don't do that,that's a waste of a good Red Bull.

re:teatimer:Actually,I made a mistake.Checking again with one logged on account,there are two teatimers in the startup list.So,that should all be okay. :)

Yes,the koolynoody ca antispyware is detecting is almost certainly a false positive,so long as the value in the registry is 4.Spybot adds that entry to the registry as part of it's immunization,to help protect your computer.The link wyrmrider posted will help explain that.There is also a post by md usa spybot fan explaining immunization a little further:
http://forums.spybot.info/showthread.php?t=281
You can show me the location of the other 6 just to be on the safe side,though,if you like.

As for runalyzer,I haven't used it for awhile.So,it might be best if you asked about it in the runalyzer forum:
http://forums.spybot.info/forumdisplay.php?f=8

Oh,and to clarify,it was runalyzer you ran,and not rootalyzer?
If it was runalyzer,which option did you choose when you first ran it,was it the full tour?

:oops:Sorry again! That was rootalyzer and not runalyzer. I am still worried about that one! That was and still is a real shocker that almost made me waste my Red Bull...lol! Thanks for the info on the false positive! The other entries were about the same and I am fairly certain that they were for different accounts that are on this computer. I have seperate accounts for games, etc.

You're welcome.If the other entries ca antispyware found are the same,then it most probably is safe to get ca antispyware to ignore them,so it doesn't remove those entries from Spybot's immunization. :)


Sorry again! That was rootalyzer and not runalyzer.
No problem. :)
When you ran Rootalyzer the first time,did you perform the deep scan,or the quick scan?

When I ran Rootalyzer the first time it was the quick scan. I am worried about that one. I didn't run the Rootalyzer today yet. I will when I finish my Red Bull...lol! And thanks to wyrmrider also!

:laugh: Yes,save that Red Bull.
I suggest posting in the rootalyzer forum,and asking about the 4000 hidden processes there.
http://forums.spybot.info/forumdisplay.php?f=46

How is it going?