Title: Fun with Paxful
Post by: morantis on October 12, 2016, 11:27:24 AM
Well, I found a new level of virus yesterday. This shit is getting old. First time for me in a long time, but I hear it all the time. I have not used Paxful in some time, and this is not their fault, just how it happened. I did a small trade on there resulting in around $8 in BTC coming to me, in the Paxful wallet. Within two seconds of it hitting the wallet, I literally watched the site begin a TX to another address, obviously not mine.
I emailed them because I thought perhaps it was something I set up months ago and maybe it was an old address of mine that I needed to track, but no. They said browser extension, I doubt that, I know each one well. Must be some virus from a wallet. It is a small amount, but a pain in the ass because I now have to track it down before trading there again. Anyone else have this happen? Oh, and I did look, the money was in and out of that address quick as shit.
Title: Re: Fun with Paxful
Post by: morantis on October 12, 2016, 09:20:44 PM
Once I had more time to sit and look at Paxful, I saw that I had a couple of far off logins over the past few weeks. I am going to find the first one and look at my PC logs and see what I installed that day or right before. It is always a wallet file for a new coin that gets me. I will let you guys know if I find a specific culprit.
EDIT: Actually more interesting than I thought. The only login or account activity that is not me is from Brazil six months ago. This PC is the only one I use for Paxful and it was completely reinstalled with the Windows 10 Anniversary update less than a month ago. Paxful mentioned a browser extension, but I trust all those and they have been there forever, unchanged. It is Firefox and the extensions are very mainstream except for "Guru". It should have nothing to do with Bitcoins, it is a Wiki type building addon to add content to Slack, but it is only two days old, maybe three. I would point at that add-on, but it seems very strange. The outward TX is at 12:34 and the trade in TX 12:33, with no other logins or account activity, that means that either the site did it or my PC did this, through the browser or otherwise. I am going to try tearing that Guru extension apart and see what I can find. If I recall they are pretty open files and easy to explore.
Last Edit: I think? Well, that is the most drawn out mess of code I have ever seen. More than 18,000 lines to do what I believe is simply aggregate web data. The first 5,000 lines are very dense hexing and hashing, so I cannot take the time to piece through it. I do not think that a common public Firefox addon that has nothing to do with Bitcoin would hit me on Paxful. Breaking down and SpyBotting a full deep scan. I cannot believe this one, very sophisticated. Literally sent money from Paxful in front of my eyes, no way to stop it. Went back to 2FA which makes mobile a pain, but it is worth it. Good luck guys and watch for this one, maybe Spybot will have a location.
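Added example, not part of morantis's post: one way to run the check described above (what changed in the browser shortly before the unexpected transaction) is to read the Firefox profile's `extensions.json` and list add-ons installed or updated in a window before the incident. The field names are assumed from that file's usual layout, and the add-on ids, names and incident time below are constructed sample data.

```python
import json
from datetime import datetime, timedelta, timezone

# Host patterns that let an extension read and act on every site,
# including a logged-in wallet page.
BROAD_ORIGINS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Constructed incident time (the real timezone is not given in the thread).
INCIDENT = datetime(2016, 10, 11, 12, 34, tzinfo=timezone.utc)


def _ms(dt):
    """Datetime -> milliseconds since epoch (assumed extensions.json unit)."""
    return int(dt.timestamp() * 1000)


def _from_ms(ms):
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)


def constructed_sample():
    """Build a constructed extensions.json document; every entry is hypothetical."""
    def addon(addon_id, name, inst_days, upd_days, origins, kind="extension"):
        return {
            "id": addon_id, "type": kind, "active": True,
            "defaultLocale": {"name": name},
            "installDate": _ms(INCIDENT + timedelta(days=inst_days)),
            "updateDate": _ms(INCIDENT + timedelta(days=upd_days)),
            "userPermissions": {"permissions": ["tabs"], "origins": origins},
        }
    return json.dumps({"addons": [
        addon("old-blocker@example.invalid", "Old Blocker", -400, -200, ["<all_urls>"]),
        addon("wiki-helper@example.invalid", "Wiki Helper", -3, -3, ["<all_urls>"]),
        addon("notes@example.invalid", "Notes", -300, -1.5,
              ["https://notes.example.invalid/*"]),
        addon("late@example.invalid", "Installed Later", 2, 2, ["<all_urls>"]),
        addon("dark@example.invalid", "Dark Theme", -2, -2, [], kind="theme"),
    ]})


def triage(extensions_json_text, incident, window_days=7):
    """Return extensions installed or updated in the window before `incident`.

    Broad-access extensions sort first, then the most recently changed.
    """
    start = incident - timedelta(days=window_days)
    findings = []
    for a in json.loads(extensions_json_text).get("addons", []):
        if a.get("type") != "extension":
            continue  # themes, dictionaries etc. cannot script pages
        installed = _from_ms(a.get("installDate", 0))
        updated = _from_ms(a.get("updateDate", a.get("installDate", 0)))
        if start <= installed <= incident:
            reason, changed = "installed in window", installed
        elif start <= updated <= incident:
            # An old, trusted add-on can still change through an update.
            reason, changed = "updated in window", updated
        else:
            continue
        origins = set((a.get("userPermissions") or {}).get("origins", []))
        findings.append({
            "id": a.get("id"),
            "name": (a.get("defaultLocale") or {}).get("name", a.get("id")),
            "reason": reason,
            "changed": changed,
            "broad_access": bool(origins & BROAD_ORIGINS),
        })
    findings.sort(key=lambda f: (not f["broad_access"], -f["changed"].timestamp()))
    return findings


if __name__ == "__main__":
    for f in triage(constructed_sample(), INCIDENT):
        flag = "ALL SITES" if f["broad_access"] else "limited"
        print(f'{f["changed"]:%Y-%m-%d %H:%M}  {flag:9}  {f["reason"]:20}  {f["name"]}')
```

On a real machine, pass the contents of `extensions.json` from the Firefox profile directory instead of the constructed sample, and use the transaction time in UTC.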
Title: Re: Fun with Paxful
Post by: Adamsmit556 on October 12, 2016, 11:18:58 PM
Sounds strange... Let us know what you find.
Title: Re: Fun with Paxful
Post by: morantis on October 12, 2016, 11:23:31 PM
Sounds strange... Let us know what you find.
I will. This would literally have to watch from outside the browser for the url, then watch for a positive balance and then pretty much run a macro, lol, the last part is easy, but constant browser watching without killing processor speed would be a fun code to write. Hell, who needs the password when you can use the site the user is already logged into.
Title: Re: Fun with Paxful
Post by: morantis on October 13, 2016, 02:10:40 AM
To a new user this might look bad, but this is a pretty standard SpyBot report. Most of the little "helpers" are not a problem and just get picked up, most of the rest are standard tracking lists in Windows that Spybot cleans up on the way through. Nothing scary here.
Search results from Spybot - Search & Destroy
10/12/2016 10:00:46 PM Scan took 01:26:39. 70 items found.
Title: Re: Fun with Paxful
Post by: morantis on October 21, 2016, 06:59:56 AM
Just letting everyone know they were still working on this. It has been a very long week.