Bitcoin Forum
Author Topic: Fun with Paxful  (Read 572 times)
morantis (OP), Hero Member, Activity: 868, Merit: 503
October 12, 2016, 11:27:24 AM, #1

Well, I found a new level of virus yesterday.  This shit is getting old.  First time for me in a long time, but I hear it all the time.  I have not used Paxful in some time, and this is not their fault, just how it happened.  I did a small trade on there resulting in around $8 in BTC coming to me, in the Paxful wallet.  Within two seconds of it hitting the wallet, I literally watched the site begin a TX to another address, obviously not mine.

I emailed them because I thought perhaps it was something I set up months ago and maybe it was an old address of mine that I needed to track, but no.  They said browser extension; I doubt that, I know each one well.  Must be some virus from a wallet.  It is a small amount, but a pain in the ass because I now have to track it down before trading there again.  Anyone else have this happen?  Oh, and I did look, the money was in and out of that address quick as shit.
morantis (OP), Hero Member, Activity: 868, Merit: 503
October 12, 2016, 09:20:44 PM, #2
Last edit: October 12, 2016, 11:21:18 PM by morantis

Once I had more time to sit and look at Paxful, I saw that I had a couple of far-off logins over the past few weeks.  I am going to find the first one and look at my PC logs and see what I installed that day or right before.  It is always a wallet file for a new coin that gets me.  I will let you guys know if I find a specific culprit.

EDIT: Actually more interesting than I thought.  The only login or account activity that is not me is from Brazil six months ago.  This PC is the only one I use for Paxful and it was completely reinstalled with the Windows 10 Anniversary update less than a month ago.  Paxful mentioned a browser extension, but I trust all those and they have been there forever, unchanged.  It is Firefox and the extensions are very mainstream except for "Guru".  It should have nothing to do with Bitcoins, it is a Wiki-type building add-on to add content to Slack, but it is only two days old, maybe three.  I would point at that add-on, but it seems very strange.  The outward TX is at 12:34 and the trade-in TX at 12:33, with no other logins or account activity; that means that either the site did it or my PC did, through the browser or otherwise.  I am going to try tearing that Guru extension apart and see what I can find.  If I recall they are pretty open files and easy to explore.

Last Edit: I think?  Well, that is the most drawn-out mess of code I have ever seen.  More than 18,000 lines to do what I believe is simply aggregate web data.  The first 5,000 lines are very dense hexing and hashing, so I cannot take the time to piece through it.  I do not think that a common public Firefox add-on that has nothing to do with Bitcoin would hit me on Paxful.  Breaking down and SpyBotting a full deep scan.  I cannot believe this one, very sophisticated.  Literally sent money from Paxful in front of my eyes, no way to stop it.  Went back to 2FA which makes mobile a pain, but it is worth it.  Good luck guys and watch for this one, maybe Spybot will have a location.
Adamsmit556, Member, Activity: 111, Merit: 10
October 12, 2016, 11:18:58 PM, #3

Sounds strange... Let us know what you find.

morantis (OP), Hero Member, Activity: 868, Merit: 503
October 12, 2016, 11:23:31 PM, #4

Quote from: Adamsmit556 on October 12, 2016, 11:18:58 PM
Sounds strange... Let us know what you find.

I will.  This would literally have to watch from outside the browser for the URL, then watch for a positive balance and then pretty much run a macro, lol.  The last part is easy, but constant browser watching without killing processor speed would be fun code to write.  Hell, who needs the password when you can use the site the user is already logged into.
morantis (OP), Hero Member, Activity: 868, Merit: 503
October 13, 2016, 02:10:40 AM, #5

To a new user this might look bad, but this is a pretty standard SpyBot report.  Most of the little "helpers" are not a problem and just get picked up; most of the rest are standard tracking lists in Windows that Spybot cleans up on the way through.  Nothing scary here.


Code:
Search results from Spybot - Search & Destroy

10/12/2016 10:00:46 PM
Scan took 01:26:39.
70 items found.

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\moran\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3NC4F65\www.paypalobjects.com\PayPalLSO.sol
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54
  Properties.size=93
  Properties.md5=xxxxx
  Properties.filedate=1474891288
  Properties.filedatetext=2016-09-26 12:01:28

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\moran\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3NC4F65\www.paypalobjects.com\ppLsoTest.sol
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54
  Properties.size=48
  Properties.md5=xxxx
  Properties.filedate=1474903633
  Properties.filedatetext=2016-09-26 15:27:13

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Users\moran\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3NC4F65\aa.online-metrix.net\fpc.swf\session.sol
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54
  Properties.size=76
  Properties.md5=xxxx
  Properties.filedate=1475156605
  Properties.filedatetext=2016-09-29 13:43:25

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Users\moran\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3NC4F65\kaptcha.com\logo.swf\k.sol
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54
  Properties.size=70
  Properties.md5=xxxxx
  Properties.filedate=1475774785
  Properties.filedatetext=2016-10-06 17:26:24

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Users\moran\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3NC4F65\www.cdn-net.com\s.swf\_cc.sol
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54
  Properties.size=54
  Properties.md5=xxxx
  Properties.filedate=1475762237
  Properties.filedatetext=2016-10-06 13:57:16

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Users\moran\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3NC4F65\aug.americanexpress.com\collector\s.swf\_cc.sol
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54
  Properties.size=66
  Properties.md5=xxxxx
  Properties.filedate=1474901877
  Properties.filedatetext=2016-09-26 14:57:56

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Users\moran\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3NC4F65\bitpay.com\downloads\storage.swf\bitpay.sol
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54
  Properties.size=46
  Properties.md5=xxxx
  Properties.filedate=1475153309
  Properties.filedatetext=2016-09-29 12:48:28

DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Internet Explorer (User): moran) (Browser: Cookie, nothing done)
 
  Category=Browser
  ThreatLevel=1
  Weblink=http://forums.spybot.info/forumdisplay.php?54

MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Internet Explorer (User): moran) (Browser: Cookie, nothing done)
 
  Category=Browser
  ThreatLevel=1
  Weblink=http://forums.spybot.info/forumdisplay.php?54

DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: moran (default-1475701756627)) (Browser: Cookie, nothing done)
 
  Category=Browser
  ThreatLevel=1
  Weblink=http://forums.spybot.info/forumdisplay.php?54

MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Firefox: moran (default-1475701756627)) (Browser: Cookie, nothing done)
 
  Category=Browser
  ThreatLevel=1
  Weblink=http://forums.spybot.info/forumdisplay.php?54

FastClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: moran (default-1475701756627)) (Browser: Cookie, nothing done)
 
  Category=Browser
  ThreatLevel=1
  Weblink=http://forums.spybot.info/forumdisplay.php?54

FastClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: moran (default-1475701756627)) (Browser: Cookie, nothing done)
 
  Category=Browser
  ThreatLevel=1
  Weblink=http://forums.spybot.info/forumdisplay.php?54

LinkSynergy: [SBI $4E2AF2AC] Tracking cookie (Firefox: moran (default-1475701756627)) (Browser: Cookie, nothing done)
 
  Category=Browser
  ThreatLevel=1
  Weblink=http://forums.spybot.info/forumdisplay.php?54

LinkSynergy: [SBI $4E2AF2AC] Tracking cookie (Firefox: moran (default-1475701756627)) (Browser: Cookie, nothing done)
 
  Category=Browser
  ThreatLevel=1
  Weblink=http://forums.spybot.info/forumdisplay.php?54

LinkSynergy: [SBI $4E2AF2AC] Tracking cookie (Firefox: moran (default-1475701756627)) (Browser: Cookie, nothing done)
 
  Category=Browser
  ThreatLevel=1
  Weblink=http://forums.spybot.info/forumdisplay.php?54

Statcounter: [SBI $4E2AF2AC] Tracking cookie (Firefox: moran (default-1475701756627)) (Browser: Cookie, nothing done)
 
  Category=Browser
  ThreatLevel=1
  Weblink=http://forums.spybot.info/forumdisplay.php?54

MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Firefox: moran (default-1475701756627)) (Browser: Cookie, nothing done)
 
  Category=Browser
  ThreatLevel=1
  Weblink=http://forums.spybot.info/forumdisplay.php?54

Zedo: [SBI $4E2AF2AC] Tracking cookie (Firefox: moran (default-1475701756627)) (Browser: Cookie, nothing done)
 
  Category=Browser
  ThreatLevel=1
  Weblink=http://forums.spybot.info/forumdisplay.php?54

Zedo: [SBI $4E2AF2AC] Tracking cookie (Firefox: moran (default-1475701756627)) (Browser: Cookie, nothing done)
 
  Category=Browser
  ThreatLevel=1
  Weblink=http://forums.spybot.info/forumdisplay.php?54

LinkSynergy: [SBI $4E2AF2AC] Tracking cookie (Firefox: moran (default-1475701756627)) (Browser: Cookie, nothing done)
 
  Category=Browser
  ThreatLevel=1
  Weblink=http://forums.spybot.info/forumdisplay.php?54

Zedo: [SBI $4E2AF2AC] Tracking cookie (Firefox: moran (default-1475701756627)) (Browser: Cookie, nothing done)
 
  Category=Browser
  ThreatLevel=1
  Weblink=http://forums.spybot.info/forumdisplay.php?54

Zedo: [SBI $4E2AF2AC] Tracking cookie (Firefox: moran (default-1475701756627)) (Browser: Cookie, nothing done)
 
  Category=Browser
  ThreatLevel=1
  Weblink=http://forums.spybot.info/forumdisplay.php?54

Statcounter: [SBI $4E2AF2AC] Tracking cookie (Firefox: moran (default-1475701756627)) (Browser: Cookie, nothing done)
 
  Category=Browser
  ThreatLevel=1
  Weblink=http://forums.spybot.info/forumdisplay.php?54

Statcounter: [SBI $4E2AF2AC] Tracking cookie (Firefox: moran (default-1475701756627)) (Browser: Cookie, nothing done)
 
  Category=Browser
  ThreatLevel=1
  Weblink=http://forums.spybot.info/forumdisplay.php?54

MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Firefox: moran (default-1475701756627)) (Browser: Cookie, nothing done)
 
  Category=Browser
  ThreatLevel=1
  Weblink=http://forums.spybot.info/forumdisplay.php?54

FastClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: moran (default-1475701756627)) (Browser: Cookie, nothing done)
 
  Category=Browser
  ThreatLevel=1
  Weblink=http://forums.spybot.info/forumdisplay.php?54

LinkSynergy: [SBI $4E2AF2AC] Tracking cookie (Firefox: moran (default-1475701756627)) (Browser: Cookie, nothing done)
 
  Category=Browser
  ThreatLevel=1
  Weblink=http://forums.spybot.info/forumdisplay.php?54

WebTrends live: [SBI $4E2AF2AC] Tracking cookie (Firefox: moran (default-1475701756627)) (Browser: Cookie, nothing done)
 
  Category=Browser
  ThreatLevel=1
  Weblink=http://forums.spybot.info/forumdisplay.php?54

DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: moran (default-1475701756627)) (Browser: Cookie, nothing done)
 
  Category=Browser
  ThreatLevel=1
  Weblink=http://forums.spybot.info/forumdisplay.php?54

MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Firefox: moran (default-1475701756627)) (Browser: Cookie, nothing done)
 
  Category=Browser
  ThreatLevel=1
  Weblink=http://forums.spybot.info/forumdisplay.php?54

DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: moran (default-1475701756627)) (Browser: Cookie, nothing done)
 
  Category=Browser
  ThreatLevel=1
  Weblink=http://forums.spybot.info/forumdisplay.php?54

MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Firefox: moran (default-1475701756627)) (Browser: Cookie, nothing done)
 
  Category=Browser
  ThreatLevel=1
  Weblink=http://forums.spybot.info/forumdisplay.php?54

CasaleMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: moran (default-1475701756627)) (Browser: Cookie, nothing done)
 
  Category=Browser
  ThreatLevel=1
  Weblink=http://forums.spybot.info/forumdisplay.php?54

CasaleMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: moran (default-1475701756627)) (Browser: Cookie, nothing done)
 
  Category=Browser
  ThreatLevel=1
  Weblink=http://forums.spybot.info/forumdisplay.php?54

CasaleMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: moran (default-1475701756627)) (Browser: Cookie, nothing done)
 
  Category=Browser
  ThreatLevel=1
  Weblink=http://forums.spybot.info/forumdisplay.php?54

CasaleMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: moran (default-1475701756627)) (Browser: Cookie, nothing done)
 
  Category=Browser
  ThreatLevel=1
  Weblink=http://forums.spybot.info/forumdisplay.php?54

CasaleMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: moran (default-1475701756627)) (Browser: Cookie, nothing done)
 
  Category=Browser
  ThreatLevel=1
  Weblink=http://forums.spybot.info/forumdisplay.php?54

Log: [SBI $4E2AF2AC]  Install: comsetup.log (File, nothing done)
  C:\WINDOWS\comsetup.log
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54
  Properties.size=13181
  Properties.md5=Axxxx0BDE
  Properties.filedate=1475156143
  Properties.filedatetext=2016-09-29 13:35:43

Log: [SBI $4E2AF2AC]  Install: setupact.log (File, nothing done)
  C:\WINDOWS\setupact.log
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54
  Properties.size=11817
  Properties.md5=56xxxxB779E
  Properties.filedate=1476302094
  Properties.filedatetext=2016-10-12 19:54:54

Log: [SBI $4E2AF2AC]  Install: DtcInstall.log (File, nothing done)
  C:\WINDOWS\DtcInstall.log
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54
  Properties.size=4176
  Properties.md5=xxxx098
  Properties.filedate=1475157078
  Properties.filedatetext=2016-09-29 13:51:17

Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\TypedURLs
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54

Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\TypedURLs
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54

Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
  HKEY_USERS\Sxxxx-1001\Software\Microsoft\Internet Explorer\TypedURLs
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1xxxx-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54

MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done)
  HKEY_USERS\S-1-5xxxx8214637-1001\Software\Microsoft\Microsoft Management Console\Recent File List
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54

MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-xxxx-1001\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54

MS Regedit: [SBI $C3B62FC1] Recent open key (Registry Change, nothing done)
  HKEY_USERS\S-1xxxx8214637-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54

MS Wordpad: [SBI $4C02334D] Recent file list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-xxxx-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54

Windows.OpenWith: [SBI $585AC39A] Open with list - .C extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-xxx-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.C\OpenWithList
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54

Windows.OpenWith: [SBI $99432203] Open with list - .CFG extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-xx-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CFG\OpenWithList
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54

Windows.OpenWith: [SBI $066FF462] Open with list - .CLASS extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5xxxx-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CLASS\OpenWithList
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54

Windows.OpenWith: [SBI $7E93AD81] Open with list - .CSS extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-xxx-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSS\OpenWithList
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54

Windows.OpenWith: [SBI $ECC28BDF] Open with list - .CSV extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5xxx-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54

Windows Explorer: [SBI $A2C7B3CD] Recent wallpaper list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-x-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54

Windows Explorer: [SBI $7308A845] Run history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-x-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54

Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-x-4278214637-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-x-4278214637-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54

WinRAR: [SBI $0B56E92B] Recent file list (Registry Key, nothing done)
  HKEY_USERS\S-1-5x
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54

WinRAR: [SBI $B84F9965] Last used directory (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-x
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54

WinRAR: [SBI $B510882E] Extraction directory history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3140884443-x
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54

Cookie: [SBI $49804B54] Browser: Cookie (19) (Browser: Cookie, nothing done)
 
  Category=Browser
  ThreatLevel=1
  Weblink=http://forums.spybot.info/forumdisplay.php?54

Cache: [SBI $49804B54] Browser: Cache (680) (Browser: Cache, nothing done)
 
  Category=Browser
  ThreatLevel=1
  Weblink=http://forums.spybot.info/forumdisplay.php?54

History: [SBI $49804B54] Browser: History (550) (Browser: History, nothing done)
 
  Category=Browser
  ThreatLevel=1
  Weblink=http://forums.spybot.info/forumdisplay.php?54

Cookie: [SBI $49804B54] Browser: Cookie (4342) (Browser: Cookie, nothing done)
 
  Category=Browser
  ThreatLevel=1
  Weblink=http://forums.spybot.info/forumdisplay.php?54

History: [SBI $49804B54] Browser: History (305) (Browser: History, nothing done)
 
  Category=Browser
  ThreatLevel=1
  Weblink=http://forums.spybot.info/forumdisplay.php?54


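The report above follows a simple layout: one header line per finding, an indented location line (file path or registry key) where there is one, then indented key=value properties. The following triage script is an added example, not part of the thread or of Spybot itself; it parses that layout, tallies findings by Category and ThreatLevel, and lists anything that is not ordinary tracking noise. The embedded report excerpt is constructed: the first two entries copy the shape of real ones in the post, the third (name, path and threat level) is made up so the triage has something to flag.

```python
"""Triage a Spybot - Search & Destroy text report (added example, not Spybot's own code)."""
import re
from collections import Counter

# Constructed excerpt in the report's layout. Entry 3 is a fake non-tracking hit.
SAMPLE_REPORT = r"""Search results from Spybot - Search & Destroy

10/12/2016 10:00:46 PM
Scan took 01:26:39.
3 items found.

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\moran\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3NC4F65\www.paypalobjects.com\PayPalLSO.sol
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54
  Properties.size=93

DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: moran (default-1475701756627)) (Browser: Cookie, nothing done)
 
  Category=Browser
  ThreatLevel=1
  Weblink=http://forums.spybot.info/forumdisplay.php?54

Constructed.Example: [SBI $00000000]  Executable (File, nothing done)
  C:\Users\moran\AppData\Local\Temp\constructed-sample.exe
  Category=Malware
  ThreatLevel=5
  Weblink=http://forums.spybot.info/forumdisplay.php?54
"""

# Header: "<Name>: [SBI $<hex>]  <description> (<kind>, <action>)", never indented.
HEADER_RE = re.compile(r"^(?P<name>\S.*?): \[SBI \$(?P<sbi>[0-9A-Fa-f]+)\]\s+(?P<desc>.*)$")
# Property lines are indented key=value pairs; anything else indented is the location line.
PROP_RE = re.compile(r"^\s+(?P<key>Category|ThreatLevel|Weblink|Properties\.\w+)=(?P<val>.*)$")
COUNT_RE = re.compile(r"^(\d+) items? found\.$", re.MULTILINE)


def parse_report(text):
    """Return one dict per finding: name, sbi, desc, path (None if absent) and props."""
    entries, current = [], None
    for raw in text.splitlines():
        if not raw.strip():
            continue  # blank separators, including the single-space line under cookie hits
        m = HEADER_RE.match(raw)
        if m:
            current = {"name": m["name"], "sbi": m["sbi"], "desc": m["desc"],
                       "path": None, "props": {}}
            entries.append(current)
            continue
        if current is None:
            continue  # scan banner lines before the first finding
        p = PROP_RE.match(raw)
        if p:
            current["props"][p["key"]] = p["val"]
        elif raw[0].isspace():
            current["path"] = raw.strip()  # file path or registry key of the finding
    return entries


def declared_count(text):
    """The 'N items found.' figure from the banner, to cross-check against the parse."""
    m = COUNT_RE.search(text)
    return int(m.group(1)) if m else None


def _cat_level(entry):
    return entry["props"].get("Category", "Unknown"), int(entry["props"].get("ThreatLevel", 0))


def summarize(entries):
    """Per Category: number of findings and the highest ThreatLevel seen."""
    counts = Counter(_cat_level(e)[0] for e in entries)
    worst = {}
    for e in entries:
        cat, level = _cat_level(e)
        worst[cat] = max(worst.get(cat, 0), level)
    return {cat: {"count": counts[cat], "max_threat_level": worst[cat]} for cat in counts}


def needs_attention(entries, benign=("Tracks", "Browser"), max_benign_level=2):
    """Findings outside the usage-tracking categories, or above the level those carry."""
    return [e for e in entries
            if _cat_level(e)[0] not in benign or _cat_level(e)[1] > max_benign_level]


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print(f"declared {declared_count(SAMPLE_REPORT)}, parsed {len(found)}")
    for cat, info in summarize(found).items():
        print(f"{cat:10} {info['count']:3} hits, worst ThreatLevel {info['max_threat_level']}")
    for e in needs_attention(found):
        print("REVIEW:", e["name"], e["path"], e["props"].get("ThreatLevel"))
```

Run against the full report in the post, the summary shows only Tracks and Browser categories at ThreatLevel 1 and 2 and the review list stays empty, which is what "nothing scary here" looks like in data.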

morantis (OP), Hero Member, Activity: 868, Merit: 503
October 21, 2016, 06:59:56 AM, #6

Just letting everyone know they are still working on this; it has been a very long week.