
Topic: 10000 PIVX STOLEN - page 3. (Read 6545 times)

hero member
Activity: 782
Merit: 500
August 25, 2017, 11:55:16 AM
#52
after having read this, I tried to go dump my private key, and it didn't work...because my wallet is ENCRYPTED.

Make sure to encrypt your wallets my friends.



I'd say that most people who have encrypted their wallet, know what dumpprivkey does anyway
sr. member
Activity: 269
Merit: 250
August 25, 2017, 11:46:49 AM
#51
after having read this, I tried to go dump my private key, and it didn't work...because my wallet is ENCRYPTED.

Make sure to encrypt your wallets my friends.

newbie
Activity: 7
Merit: 0
June 20, 2017, 05:13:58 PM
#50
I did the same thing today because support didn't answer for three days and someone helped me. I did not send my private key but I installed a file he sent me filezilla. After installing block and chain dir on VPS the money automatically flew from my account.
newbie
Activity: 19
Merit: 0
May 08, 2017, 06:31:49 AM
#49
thanks to all who provided me with help in this theft.

I AM A FUCKIN DUMB NOOB who did in fact send my private key to alistar.
who i thought was a dev as he was in the #support channel and had a pivx logo next to his name.
He was very kind to offer help in a private chat; he told me to type into the debug console "dumpprivkey"
He then deleted the message on Slack.

i did not get hacked!!!!!
i gave my money away. 
(IDIOT NOOB)
sorry for wasting your time
I shall make it back by investing more in crypto!!!

don't worry there is plenty of profit to do here in crypto, even if you lost a big amount with the right choice you can re-do it quickly, it's just a matter of luck and search for the right altcoin that can give you a big amount of bitcoin, try to seek for those coins that are cheap or those that have a good traction and are bound to be pumped eventually in the near future

yes, I'm sure I will make it back

currently holding

TRST
WAVES
XRP
XEM
STEEM
MAID
ARK
GNT
REP

any good tips for upcoming ICO?
legendary
Activity: 2590
Merit: 1022
May 08, 2017, 05:58:47 AM
#48
thanks to all who provided me with help in this theft.

I AM A FUCKIN DUMB NOOB who did in fact send my private key to alistar.
who i thought was a dev as he was in the #support channel and had a pivx logo next to his name.
He was very kind to offer help in a private chat; he told me to type into the debug console "dumpprivkey"
He then deleted the message on Slack.

i did not get hacked!!!!!
i gave my money away. 
(IDIOT NOOB)
sorry for wasting your time
I shall make it back by investing more in crypto!!!

don't worry there is plenty of profit to do here in crypto, even if you lost a big amount with the right choice you can re-do it quickly, it's just a matter of luck and search for the right altcoin that can give you a big amount of bitcoin, try to seek for those coins that are cheap or those that have a good traction and are bound to be pumped eventually in the near future
full member
Activity: 144
Merit: 100
May 08, 2017, 05:40:35 AM
#47
Never ever give your private key to anyone. Never. Ever. Not even the dev, not even your wife.

Instead print it out as a backup and make sure you never lose it.

Private key = your coins

Better luck next time.

legendary
Activity: 1267
Merit: 1000
May 08, 2017, 03:34:21 AM
#46
thanks to all who provided me with help in this theft.

I AM A FUCKIN DUMB NOOB who did in fact send my private key to alistar.
who i thought was a dev as he was in the #support channel and had a pivx logo next to his name.
He was very kind to offer help in a private chat; he told me to type into the debug console "dumpprivkey"
He then deleted the message on Slack.

i did not get hacked!!!!!
i gave my money away. 
(IDIOT NOOB)
sorry for wasting your time
I shall make it back by investing more in crypto!!!

Hey, we all make mistakes - think of it as tuition.
Reminds me of the 300 DASH we sent to DZ to set up a masternode a few years back.
Then he scammed us and took the DASH. 
Killed my appetite for masternodes ever since.
hero member
Activity: 608
Merit: 500
May 08, 2017, 01:49:24 AM
#45
thanks to all who provided me with help in this theft.

I AM A FUCKIN DUMB NOOB who did in fact send my private key to alistar.
who i thought was a dev as he was in the #support channel and had a pivx logo next to his name.
He was very kind to offer help in a private chat; he told me to type into the debug console "dumpprivkey"
He then deleted the message on Slack.

i did not get hacked!!!!!
i gave my money away.  
(IDIOT NOOB)
sorry for wasting your time
I shall make it back by investing more in crypto!!!
In all seriousness, I would honestly consider rethinking investing in newer cryptos if you had trouble setting up things like a node yourself, and especially if you were willing to send your private key to other people; even if they were a real dev it'd be insane.
legendary
Activity: 3416
Merit: 1059
May 08, 2017, 01:13:55 AM
#44
i haven't used slack. there is the btctalk ann page and alt discussion, you can get info and official wallet links etc etc here in btctalk and i think it is sufficient enough..

what is slack? slack makes other people's mouth a little bit faster. lol.
newbie
Activity: 19
Merit: 0
May 07, 2017, 11:59:31 PM
#43
thanks to all who provided me with help in this theft.

I AM A FUCKIN DUMB NOOB who did in fact send my private key to alistar.
who i thought was a dev as he was in the #support channel and had a pivx logo next to his name.
He was very kind to offer help in a private chat; he told me to type into the debug console "dumpprivkey"
He then deleted the message on Slack.

i did not get hacked!!!!!
i gave my money away. 
(IDIOT NOOB)
sorry for wasting your time
I shall make it back by investing more in crypto!!!
sr. member
Activity: 252
Merit: 250
May 07, 2017, 06:37:10 PM
#42
Sorry to hear about your loss, but i would like to know one thing, since this is the first time i am looking at PIVX other than seeing the price in exchanges i never purchased it, but it looks like they have an address claim feature, so is it possible for the developers to send the coins from the wallet if you can prove that it is your address?
legendary
Activity: 2730
Merit: 1068
Juicin' crypto
May 07, 2017, 03:53:13 PM
#41
sorry to hear OP, man it sucks.  i've been fucked before too.

but...had this been the new wbb about to launch, they could rollback your single individual transactions and recoup all your funds, without affecting 'the chain' cause well, there would be no 'chain' to affect!  cheers.
newbie
Activity: 19
Merit: 0
May 06, 2017, 07:56:14 PM
#40
if i was hacked there must be some evidence of it right? as I'm not a hacker i don't know. Can they erase all traces of contact?
You obviously have no idea of this field.
There does not have to be any traces of a hack (although often there are) but even if there would you would not understand them.


Can anybody confirm the private key he posted is not a key enabling anybody to take the coins?
If it was you can end your search.

s3v3nh4acks the lead developer of PIVX told me the key I posted (in private chat) cannot be used to take my coins.

Bullshit I would not understand them? Give me an example?

I bought first alt coin one month ago and learning fast. U expect crypto noobs to know everything?

U have no fucking idea dickhead


newbie
Activity: 23
Merit: 0
May 06, 2017, 09:52:49 AM
#39
if i was hacked there must be some evidence of it right? as I'm not a hacker i don't know. Can they erase all traces of contact?
You obviously have no idea of this field.
There does not have to be any traces of a hack (although often there are) but even if there would you would not understand them.


Can anybody confirm the private key he posted is not a key enabling anybody to take the coins?
If it was you can end your search.
newbie
Activity: 19
Merit: 0
May 06, 2017, 01:55:41 AM
#38
i have sent virus/malware scan tool logs to bleepingcomputer forum to try find evidence that i was hacked

if i was hacked there must be some evidence of it right? as I'm not a hacker i don't know. Can they erase all traces of contact?

https://www.bleepingcomputer.com/forums/t/645998/10000-pivx-stolen-20000aud-trojan-horse/
newbie
Activity: 19
Merit: 0
May 05, 2017, 04:03:02 PM
#37
That is the masternode private key. All that is, is used to verify the collateral in your controller wallet
It cannot be used to restore a wallet
hero member
Activity: 952
Merit: 500
May 05, 2017, 03:37:04 PM
#36
Hey bub, you fucked up large.

Here is where..

mickeyspit [7:40 PM]

{
    "masternode" : {
        "alias" : "masternode1",
        "address" : "45.76.116.209:51472",
        "privateKey" : "88D4bbFt9NgZ1WLHkJPdMicVfDpy9cVbudo8Q8yboLmYgyahaKp",
        "txHash" : "480a03bc5594f33ffa1d5c9e65eebcfbc116b53ca342510ef3b612e2d87cf652",
        "outputIndex" : "1",
        "status" : "ENABLED"
    }
}



Why would you post your private key anywhere? I thought you said you know what you're doing.

If I had seen this I would have told you to transfer your funds to a new address immediately. Instead you were on a slack with a bunch of scammers. They should have pointed this out for you. But instead they all likely tried to steal your funds, first one got it..

This is how:

Open PivX wallet with synced blockchain then type importprivkey 88D4bbFt9NgZ1WLHkJPdMicVfDpy9cVbudo8Q8yboLmYgyahaKp and I have access to all of your funds. Transfer to a new account.. That's how this was done.

Sorry, it's gone, you'll never get it back or know who did this.

Looks like the thief got enough money from those hack things, he is better than OP.
But, if it's true that OP has posted his crucial part of wallet, then it's even worse than just getting hacked.
PivX coin price should drop a bit due to this 'serial killer' (hacker) activities.

You're actually calling the person who stole the coins a hacker lol? Any retard that knows how private keys work could have taken the coins.

Well OP, there's a 13k lesson to remember. You might want to familiarize yourself more with crypto before holding such amounts of cash.
hero member
Activity: 910
Merit: 523
May 05, 2017, 02:13:48 PM
#35
Hey bub, you fucked up large.

Here is where..

mickeyspit [7:40 PM]

{
    "masternode" : {
        "alias" : "masternode1",
        "address" : "45.76.116.209:51472",
        "privateKey" : "88D4bbFt9NgZ1WLHkJPdMicVfDpy9cVbudo8Q8yboLmYgyahaKp",
        "txHash" : "480a03bc5594f33ffa1d5c9e65eebcfbc116b53ca342510ef3b612e2d87cf652",
        "outputIndex" : "1",
        "status" : "ENABLED"
    }
}



Why would you post your private key anywhere? I thought you said you know what you're doing.

If I had seen this I would have told you to transfer your funds to a new address immediately. Instead you were on a slack with a bunch of scammers. They should have pointed this out for you. But instead they all likely tried to steal your funds, first one got it..

This is how:

Open PivX wallet with synced blockchain then type importprivkey 88D4bbFt9NgZ1WLHkJPdMicVfDpy9cVbudo8Q8yboLmYgyahaKp and I have access to all of your funds. Transfer to a new account.. That's how this was done.

Sorry, it's gone, you'll never get it back or know who did this.

Looks like the thief got enough money from those hack things, he is better than OP.
But, if it's true that OP has posted his crucial part of wallet, then it's even worse than just getting hacked.
PivX coin price should drop a bit due to this 'serial killer' (hacker) activities.
legendary
Activity: 1946
Merit: 1005
My mule don't like people laughing
May 05, 2017, 01:47:36 PM
#34
Hey bub, you fucked up large.

Here is where..

mickeyspit [7:40 PM]

{
    "masternode" : {
        "alias" : "masternode1",
        "address" : "45.76.116.209:51472",
        "privateKey" : "88D4bbFt9NgZ1WLHkJPdMicVfDpy9cVbudo8Q8yboLmYgyahaKp",
        "txHash" : "480a03bc5594f33ffa1d5c9e65eebcfbc116b53ca342510ef3b612e2d87cf652",
        "outputIndex" : "1",
        "status" : "ENABLED"
    }
}



Why would you post your private key anywhere? I thought you said you know what you're doing.

If I had seen this I would have told you to transfer your funds to a new address immediately. Instead you were on a slack with a bunch of scammers. They should have pointed this out for you. But instead they all likely tried to steal your funds, first one got it..

This is how:

Open PivX wallet with synced blockchain then type importprivkey 88D4bbFt9NgZ1WLHkJPdMicVfDpy9cVbudo8Q8yboLmYgyahaKp and I have access to all of your funds. Transfer to a new account.. That's how this was done.

Sorry, it's gone, you'll never get it back or know who did this.
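
A paste check for the mistake this thread turns on, as an added example that is not code from any poster or from the PIVX project: it redacts anything in a log or console paste that decodes as a base58check private key before the text goes to a support channel. It assumes the key layout that Bitcoin-derived wallets print from dumpprivkey (version byte, 32-byte secret, optional 0x01 compression flag, 4-byte double-SHA-256 checksum); the function names, the 0xD4 version byte of the sample and the sample paste itself are constructed for illustration.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# A 37- or 38-byte base58check value encodes to roughly 50-52 characters.
# The lookarounds stop the pattern from matching inside longer hex strings.
CANDIDATE = re.compile(r"(?<![A-Za-z0-9])[" + B58 + r"]{50,52}(?![A-Za-z0-9])")


def _checksum(payload):
    """First four bytes of SHA-256(SHA-256(payload))."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58decode(text):
    """Decode a base58 string to bytes, keeping leading zero bytes ('1's)."""
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return b"\x00" * (len(text) - len(text.lstrip("1"))) + body


def b58check_encode(payload):
    """Encode payload + checksum; used here only to build the sample key."""
    raw = payload + _checksum(payload)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out


def looks_like_private_key(token):
    """True if token decodes to version + 32-byte secret (+0x01) + valid checksum.

    The version byte is not checked, so the test is coin-agnostic.
    """
    raw = b58decode(token)
    if len(raw) not in (37, 38):
        return False
    payload, checksum = raw[:-4], raw[-4:]
    if len(raw) == 38 and payload[-1] != 0x01:  # compression flag must be 0x01
        return False
    return _checksum(payload) == checksum


def redact_private_keys(text):
    """Return (text with keys replaced, number of keys found)."""
    found = 0

    def _replace(match):
        nonlocal found
        if looks_like_private_key(match.group(0)):
            found += 1
            return "[REDACTED PRIVATE KEY]"
        return match.group(0)  # right length, bad checksum: leave untouched

    return CANDIDATE.sub(_replace, text), found


# Constructed sample data: a key built from the bytes 1..32 (assumed version
# byte 0xD4) and a made-up transaction hash, laid out like a masternode status paste.
SAMPLE_KEY = b58check_encode(bytes([0xD4]) + bytes(range(1, 33)))
SAMPLE_TXHASH = "ab" * 32
SAMPLE_PASTE = (
    '{ "masternode" : { "alias" : "masternode1", '
    '"privateKey" : "%s", "txHash" : "%s", "status" : "ENABLED" } }'
    % (SAMPLE_KEY, SAMPLE_TXHASH)
)

if __name__ == "__main__":
    cleaned, count = redact_private_keys(SAMPLE_PASTE)
    print("keys redacted:", count)
    print(cleaned)
```

Because the check validates the checksum rather than matching a prefix, transaction hashes and other long identifiers in the same paste pass through unchanged.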




newbie
Activity: 19
Merit: 0
May 05, 2017, 07:13:49 AM
#33
ComboFix 17-05-04.01 - Mick 05/05/2017  20:23:50.1.12 - x64
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ESPROTECTIONDRIVER
*NewlyCreated* - GWDRV
*Deregistered* - ESProtectionDriver
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation   REG_MULTI_SZ      SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2017-04-05 00:38   323664   ----a-w-   c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2015-08-14 13:52   25624   ----a-w-   c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2016-11-08 9068040]
"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2016-11-08 1476104]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2017-01-19 2780112]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: eset.com\help
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-SIUSBXP&1B1C&1C00 - c:\program files (x86)\Silabs\MCU\USBXpress\DriverUninstaller.exe USBXpress\SIUSBXP&1B1C&1C00
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3605924061-2812923310-3988586812-1000_Classes\Wow6432Node\CLSID\{1c267702-557a-4890-b0dd-4a9edef2a76a}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000106
"Therad"=dword:0000000f
.
[HKEY_USERS\S-1-5-21-3605924061-2812923310-3988586812-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):48,dc,27,65,ce,29,00,3e,62,e1,c6,0c,a3,8d,b0,36,97,f1,60,9f,e8,
   da,15,39,bc,61,33,1d,31,72,b2,97,68,0f,77,7a,f2,0a,7d,08,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-05-05  20:54:43
ComboFix-quarantined-files.txt  2017-05-05 10:54
.
Pre-Run: 176,136,314,880 bytes free
Post-Run: 175,593,807,872 bytes free
.
- - End Of File - - D614F7A0C7EC6FF5116106D2B68FC1F4

KL-Detector has found some suspicious files:
C:\Users\Mick\AppData\Roaming\johnsadventures.com\Background Switcher\Status.xml
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
C:\ProgramData\Malwarebytes\MBAMService\S-1-5-19-05042017194731123-ntuser.dat
C:\ProgramData\Malwarebytes\MBAMService\S-1-5-21-3605924061-2812923310-3988586812-1000-05042017194719720-ntuser.dat
C:\ProgramData\WinZip\WinZip.addon
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
C:\Windows\inf\setupapi.app.log
C:\ProgramData\NVIDIA Corporation\nvstapisvr\nvstapisvr.log
C:\Users\Mick\Desktop\mbar\system-log.txt
C:\Users\Mick\Desktop\mbar\Data\Configuration\local.conf
C:\ProgramData\ESET\ESET Smart Security\HipsRules.bin
C:\ProgramData\ESET\ESET Smart Security\local.db
C:\Users\Mick\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\db53b23fd1edbd46.automaticDestinations-ms

Please check; someone might have installed a keylogger on your computer!


You MAY want to take a look at:
C:\ProgramData\Malwarebytes\MBAMService\
C:\ProgramData\Malwarebytes\
C:\ProgramData\Malwarebytes\MBAMService\config\
C:\ProgramData\WinZip\
C:\Users\Mick\AppData\Roaming\Microsoft\Windows\Recent\
C:\Users\Mick\AppData\Roaming\PIVX\
C:\Windows\System32\config\
C:\Windows\Temp\
C:\Windows\
C:\Users\Mick\
C:\Users\Mick\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\
C:\Users\Mick\AppData\Local\Temp\
C:\ProgramData\NVIDIA Corporation\nvstapisvr\
C:\Users\Mick\AppData\Local\Microsoft\Windows\
C:\System Volume Information\
C:\Users\Mick\Desktop\mbar\
C:\Users\Mick\AppData\Local\
C:\Users\Mick\Desktop\
C:\ProgramData\Malwarebytes' Anti-Malware (portable)\
C:\ProgramData\ESET\ESET Smart Security\
C:\Users\Mick\AppData\Local\Temp\wz9c7d\NanoWallet\vendors\
C:\Users\Mick\AppData\Local\Google\Chrome\User Data\
C:\Users\Mick\AppData\Local\Google\Chrome\User Data\Default\
C:\Users\Mick\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\
