10000 PIVX STOLEN

[DomainMagnate]

When you talking about this mysterious disappearing of your coins my thoughts are focused on the different side, to become suspicious about this code, and i hope whole this topic is not about creating confusin and fear..This wont reflect good on oure investments.

Hmmm I saw someone also complaining about stolen PIVX from exchange.Is it possible that the coins actually are virus??just think about possibility.A virus disguised as a crypto and disappeared after a set period of time or send itself to some pre defined address?That would be really scary

[1714947638]

1714947638

[1714947638]

1714947638

[johnny5johnny5]

I remember that in the instructions to setup a masternode, you have to send 10,000 PIVX to another PIVX wallet (the masternode wallet). Are you sure you didn't send the 10,000 PIVX yourself to the masternode wallet? Is that maybe when it happened?

[Xalib]

Do I see it right, you posted your private key in a public channel?

And you ask why your coins are gone?

Take the loss as a man and learn from it that this kind of technology is out of your league.

[allthebitandbobs]

sorry about the lost but i guessing this will teach all of us a lesson .Never keep all your eggs in one basket

[jawatulen]

you should becarefull wit your own wallet,
i think you click something that can give information about your wallet, maybe on email, or in another place

[Mickeyspit]

no, not the masternode private key, but someone could have voted for you. All that is, is used to verify the collateral in your controller wallet

[Xalib]

The time of the transaction taking your coins is surely not a coincidence. You gave somebody enough information to initiate this transaction.

Also, upgrade your OS! Better don't use windows after all.

[Mickeyspit]

I have spoken to s3v3nh4acks  the lead developer of PIVX

He says

How it happened?? You ha e a trojan on your system... no other way to do what u say happened, unless u dis it yourself or someone else had physical access to your system.
It isn't a bug, but if u think so, then you find it, show me provable and repeatable evidence and i will replace your funds... but you are wasting your time.

Which I replied with if I find evidence of a hack I'll buy another masternode!

Upon conclusion
Very big coincidence that this Happend while setting up masternode and was told to unlock my wallet.
When it comes to money u can only trust very few.
I will continue to try find evidence of the hack

The hacker did leave me with 6.8 pivx nice cunt huh.

[Mickeyspit]

Highly likely there is a hacker on slack targeting masternodes



Pivx should really enable 2FA ASAP.

[BTCwriter]

Hello, yesterday 10000 pivx were stolen from my encrypted wallet. My computer knowledge is good I have removed malware and viruses from hundreds of computers as I did it for a job for few years. Is it possible that I have been hacked is for someone to send me a key logger and then transfer my PIVX wallet.dat to their computer and then transfer funds out?
At the time of the transaction I was setting up the masternode and asked for help on slack. Maybe someone from pivx slack saw my post hacked me?
I have traced the transaction... it ended up here

http://www.presstab.pw/phpexplorer/PIVX/address.php?address=DC2zB4fnzEaYyjc4SbzVgJSxAXUtK4Vk6Y

I will give a reward to anyone who can help with the discovery of my stolen coins

It's unlikely. I usually don't believed in this altcoins hack a bit. Probably some kind of glitch on your computer part.
If you hire someone to install masternode or something like that then, yes.

[Mickeyspit]

It appears the hacker theif is stealing more money each day....

http://www.presstab.pw/phpexplorer/PIVX/address.php?address=DC2zB4fnzEaYyjc4SbzVgJSxAXUtK4Vk6Y

[Ayers]

Hello, yesterday 10000 pivx were stolen from my encrypted wallet. My computer knowledge is good I have removed malware and viruses from hundreds of computers as I did it for a job for few years. Is it possible that I have been hacked is for someone to send me a key logger and then transfer my PIVX wallet.dat to their computer and then transfer funds out?
At the time of the transaction I was setting up the masternode and asked for help on slack. Maybe someone from pivx slack saw my post hacked me?
I have traced the transaction... it ended up here

http://www.presstab.pw/phpexplorer/PIVX/address.php?address=DC2zB4fnzEaYyjc4SbzVgJSxAXUtK4Vk6Y

I will give a reward to anyone who can help with the discovery of my stolen coins

if you did not install anything lately, it's impossible for the hacker to hack your computer, he can't simply target your computer, i think you installed something malicious and now forgot about it, don't install anything from the web without running it in sandbox first or in virtual machine, or put all your treasure in another mahcine

[Mickeyspit]

ComboFix 17-05-04.01 - Mick 05/05/2017  20:23:50.1.12 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.61.1033.18.24488.21976 [GMT 10:00]
Running from: c:\users\Mick\Desktop\ComboFix.exe
AV: ESET Smart Security 9.0.408.0 *Disabled/Updated* {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AV: Malwarebytes *Enabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
FW: ESET Personal firewall *Enabled* {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
SP: ESET Smart Security 9.0.408.0 *Disabled/Updated* {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
SP: Malwarebytes *Enabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\users\Mick\AppData\Local\assembly\tmp
c:\windows\Install
c:\windows\Install\AsusSetup.exe
c:\windows\Install\AsusSetup.exe.manifest
c:\windows\Install\AsusSetup.ini
c:\windows\Install\Driver\AsusSetup.exe
c:\windows\Install\Driver\AsusSetup.exe.manifest
c:\windows\Install\Driver\AsusSetup.ini
c:\windows\Install\Driver\AsusSetup32.ini
c:\windows\Install\Driver\AsusSetup64.ini
c:\windows\Install\Driver\English.ini
c:\windows\Install\Driver\French.ini
c:\windows\Install\Driver\German.ini
c:\windows\Install\Driver\Japanese.ini
c:\windows\Install\Driver\Korean.ini
c:\windows\Install\Driver\mup.xml
c:\windows\Install\Driver\Russian.ini
c:\windows\Install\Driver\SChinese.ini
c:\windows\Install\Driver\SetupRST.exe
c:\windows\Install\Driver\Spanish.ini
c:\windows\Install\Driver\TChinese.ini
c:\windows\Install\netfx\AsusSetup.exe
c:\windows\Install\netfx\AsusSetup.exe.manifest
c:\windows\Install\netfx\AsusSetup.ini
c:\windows\Install\netfx\dotnetfx45\AsusSetup.exe
c:\windows\Install\netfx\dotnetfx45\AsusSetup.exe.manifest
c:\windows\Install\netfx\dotnetfx45\AsusSetup.ini
c:\windows\Install\netfx\dotnetfx45\Installer.bat
c:\windows\Install\netfx\dotnetfx45\NDP451-KB2858728-x86-x64-AllOS-ENU.exe
.
.
(((((((((((((((((((((((((   Files Created from 2017-04-05 to 2017-05-05  )))))))))))))))))))))))))))))))
.
.
2017-05-05 10:36 . 2017-05-05 10:36   --------   d-----w-   c:\users\Default\AppData\Local\temp
2017-05-05 10:30 . 2017-05-05 10:30   75888   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{013C6715-CDCB-437B-9DF0-843DFC90128F}\offreg.3896.dll
2017-05-05 10:20 . 2017-05-05 10:20   --------   d-----w-   c:\users\Mick\AppData\Local\GlassWire
2017-05-05 10:20 . 2015-05-29 04:15   33248   ----a-w-   c:\windows\system32\drivers\gwdrv.sys
2017-05-05 10:20 . 2017-05-05 10:20   --------   d-----w-   c:\programdata\GlassWire
2017-05-05 10:20 . 2017-05-05 10:20   --------   d-----w-   c:\program files (x86)\GlassWire
2017-05-04 10:05 . 2017-05-04 10:16   --------   d-----w-   c:\programdata\Malwarebytes' Anti-Malware (portable)
2017-05-04 09:50 . 2017-05-04 09:50   75888   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{013C6715-CDCB-437B-9DF0-843DFC90128F}\offreg.3672.dll
2017-05-03 10:33 . 2017-05-05 10:31   --------   d-----w-   c:\users\Mick\AppData\Local\assembly
2017-05-03 10:12 . 2017-05-05 10:20   186304   ----a-w-   c:\windows\system32\drivers\MBAMChameleon.sys
2017-05-03 10:11 . 2017-05-05 10:20   111544   ----a-w-   c:\windows\system32\drivers\farflt.sys
2017-05-03 10:11 . 2017-05-05 10:20   43968   ----a-w-   c:\windows\system32\drivers\mbam.sys
2017-05-03 10:11 . 2017-05-05 10:20   82720   ----a-w-   c:\windows\system32\drivers\mwac.sys
2017-05-03 10:11 . 2017-03-22 01:02   77440   ----a-w-   c:\windows\system32\drivers\mbae64.sys
2017-05-03 10:11 . 2017-05-03 10:11   --------   d-----w-   c:\program files\Malwarebytes
2017-05-03 03:44 . 2017-05-03 03:52   --------   d-----w-   c:\users\Mick\AppData\Local\WinZip
2017-05-03 03:41 . 2017-05-03 03:41   --------   d-----w-   c:\program files\WinZip Smart Monitor
2017-05-03 03:41 . 2017-05-03 03:41   --------   d-----w-   c:\programdata\WinZip
2017-05-03 03:41 . 2017-05-03 03:41   --------   d-----w-   c:\program files\WinZip
2017-05-03 03:40 . 2017-05-03 03:40   --------   d-----w-   c:\programdata\UniqueId
2017-05-02 10:58 . 2017-05-02 10:58   --------   d--h--w-   c:\programdata\CanonIJScan
2017-05-02 09:19 . 2017-04-06 23:10   12993592   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{013C6715-CDCB-437B-9DF0-843DFC90128F}\mpengine.dll
2017-05-01 13:52 . 2017-05-01 13:52   --------   d-----w-   c:\program files\PuTTY
2017-04-11 23:04 . 2017-02-23 08:17   136064   ----a-w-   c:\windows\SysWow64\nvStreaming.exe
2017-04-11 23:04 . 2017-04-11 23:04   --------   d-----w-   c:\program files (x86)\VulkanRT
2017-04-11 23:04 . 2017-01-26 00:13   103936   ----a-w-   c:\windows\SysWow64\vulkaninfo.exe
2017-04-11 23:04 . 2017-01-26 00:12   326656   ----a-w-   c:\windows\SysWow64\vulkan-1.dll
2017-04-11 23:04 . 2017-01-26 00:09   118272   ----a-w-   c:\windows\system32\vulkaninfo.exe
2017-04-11 23:04 . 2017-01-26 00:09   322560   ----a-w-   c:\windows\system32\vulkan-1.dll
2017-04-10 22:55 . 2017-05-05 10:21   --------   d-----w-   c:\users\Mick\AppData\Roaming\PIVX
2017-04-10 22:54 . 2017-04-11 15:13   --------   d-----w-   c:\program files\Pivx
2017-04-10 22:35 . 2017-04-13 23:53   --------   d-----w-   c:\users\Mick\AppData\Local\CrashDumps
2017-04-09 05:41 . 2017-04-09 05:41   --------   d-----w-   C:\Tor Browser
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-05-05 10:20 . 2016-08-18 04:52   251832   ----a-w-   c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-04-11 23:05 . 2016-07-07 23:33   148601744   -c--a-w-   c:\windows\system32\MRT.exe
2017-03-23 06:06 . 2016-08-18 05:54   521656   ----a-w-   c:\windows\system32\OpenCL.dll
2017-03-23 06:05 . 2016-08-18 05:54   429112   ----a-w-   c:\windows\SysWow64\OpenCL.dll
2017-03-23 06:04 . 2017-03-23 06:04   34959288   ----a-w-   c:\windows\system32\nvoglv64.dll
2017-03-23 06:04 . 2017-03-23 06:04   28232248   ----a-w-   c:\windows\SysWow64\nvoglv32.dll
2017-03-23 06:04 . 2017-03-23 06:04   14437944   ----a-w-   c:\windows\system32\drivers\nvlddmkm.sys
2017-03-23 06:03 . 2017-03-23 06:03   620088   ----a-w-   c:\windows\system32\NvIFROpenGL.dll
2017-03-23 06:03 . 2017-03-23 06:03   968120   ----a-w-   c:\windows\system32\NvIFR64.dll
2017-03-23 06:03 . 2017-03-23 06:03   509496   ----a-w-   c:\windows\SysWow64\NvIFROpenGL.dll
2017-03-23 06:03 . 2017-03-23 06:03   921144   ----a-w-   c:\windows\SysWow64\NvIFR.dll
2017-03-23 06:03 . 2017-03-23 06:03   56368   ----a-w-   c:\windows\system32\nvhdap64.dll
2017-03-23 06:03 . 2017-03-23 06:03   1608760   ----a-w-   c:\windows\system32\nvhdagenco6420103.dll
2017-03-23 06:03 . 2017-03-23 06:03   226232   ----a-w-   c:\windows\system32\drivers\nvhda64v.sys
2017-03-23 06:02 . 2017-03-23 06:02   997816   ----a-w-   c:\windows\SysWow64\NvFBC.dll
2017-03-23 06:02 . 2017-03-23 06:02   1060280   ----a-w-   c:\windows\system32\NvFBC64.dll
2017-03-23 06:02 . 2017-03-23 06:02   1598392   ----a-w-   c:\windows\system32\nvdispgenco6437878.dll
2017-03-23 06:02 . 2017-03-23 06:02   1993784   ----a-w-   c:\windows\system32\nvdispco6437878.dll
2017-03-23 06:02 . 2017-03-23 06:02   3634104   ----a-w-   c:\windows\system32\nvcuvid.dll
2017-03-23 06:02 . 2017-03-23 06:02   3194296   ----a-w-   c:\windows\SysWow64\nvcuvid.dll
2017-03-23 06:02 . 2017-03-23 06:02   40200760   ----a-w-   c:\windows\system32\nvcompiler.dll
2017-03-23 06:02 . 2017-03-23 06:02   35281464   ----a-w-   c:\windows\SysWow64\nvcompiler.dll
2017-03-23 05:47 . 2016-08-18 05:53   20065848   ----a-w-   c:\windows\system32\nvwgf2umx.dll
2017-03-23 05:47 . 2017-03-23 05:47   17441120   ----a-w-   c:\windows\SysWow64\nvwgf2um.dll
2017-03-23 05:47 . 2016-08-18 05:53   505960   ----a-w-   c:\windows\system32\nvumdshimx.dll
2017-03-23 05:47 . 2017-03-23 05:47   420736   ----a-w-   c:\windows\SysWow64\nvumdshim.dll
2017-03-23 05:47 . 2017-03-23 05:47   11125136   ----a-w-   c:\windows\system32\nvptxJitCompiler.dll
2017-03-23 05:47 . 2017-03-23 05:47   9077760   ----a-w-   c:\windows\SysWow64\nvptxJitCompiler.dll
2017-03-23 05:47 . 2017-03-23 05:47   19182360   ----a-w-   c:\windows\system32\nvopencl.dll
2017-03-23 05:47 . 2017-03-23 05:47   14811968   ----a-w-   c:\windows\SysWow64\nvopencl.dll
2017-03-23 05:47 . 2017-03-23 05:47   163448   ----a-w-   c:\windows\system32\nvoglshim64.dll
2017-03-23 05:47 . 2017-03-23 05:47   141768   ----a-w-   c:\windows\SysWow64\nvoglshim32.dll
2017-03-23 05:47 . 2017-03-23 05:47   180768   ----a-w-   c:\windows\system32\nvinitx.dll
2017-03-23 05:47 . 2017-03-23 05:47   702320   ----a-w-   c:\windows\system32\nvfatbinaryLoader.dll
2017-03-23 05:47 . 2017-03-23 05:47   158208   ----a-w-   c:\windows\SysWow64\nvinit.dll
2017-03-23 05:46 . 2017-03-23 05:46   589976   ----a-w-   c:\windows\SysWow64\nvfatbinaryLoader.dll
2017-03-23 05:46 . 2017-03-23 05:46   517280   ----a-w-   c:\windows\system32\nvEncodeAPI64.dll
2017-03-23 05:46 . 2017-03-23 05:46   437928   ----a-w-   c:\windows\SysWow64\nvEncodeAPI.dll
2017-03-23 05:46 . 2017-03-23 05:46   16551672   ----a-w-   c:\windows\system32\nvd3dumx.dll
2017-03-23 05:46 . 2017-03-23 05:46   13502952   ----a-w-   c:\windows\SysWow64\nvd3dum.dll
2017-03-23 05:46 . 2017-03-23 05:46   11229096   ----a-w-   c:\windows\system32\nvcuda.dll
2017-03-23 05:46 . 2017-03-23 05:46   9396624   ----a-w-   c:\windows\SysWow64\nvcuda.dll
2017-03-23 05:46 . 2016-08-18 05:53   4108520   ----a-w-   c:\windows\system32\nvapi64.dll
2017-03-23 05:46 . 2017-03-23 05:46   3623928   ----a-w-   c:\windows\SysWow64\nvapi.dll
2017-03-19 14:48 . 2017-03-19 14:48   28352   ----a-w-   c:\windows\SysWow64\aspnet_counters.dll
2017-03-19 14:48 . 2017-03-19 14:48   19112   ----a-w-   c:\windows\SysWow64\msvcr110_clr0400.dll
2017-03-19 14:48 . 2017-03-19 14:48   19112   ----a-w-   c:\windows\SysWow64\msvcr100_clr0400.dll
2017-03-19 14:48 . 2017-03-19 14:48   19112   ----a-w-   c:\windows\SysWow64\msvcp110_clr0400.dll
2017-03-19 14:41 . 2017-03-19 14:41   30400   ----a-w-   c:\windows\system32\aspnet_counters.dll
2017-03-19 14:41 . 2017-03-19 14:41   19112   ----a-w-   c:\windows\system32\msvcr110_clr0400.dll
2017-03-19 14:41 . 2017-03-19 14:41   19112   ----a-w-   c:\windows\system32\msvcr100_clr0400.dll
2017-03-19 14:41 . 2017-03-19 14:41   19112   ----a-w-   c:\windows\system32\msvcp110_clr0400.dll
2017-03-08 04:21 . 2017-04-11 17:42   44032   ----a-w-   c:\windows\apppatch\acwow64.dll
2017-02-23 08:43 . 2017-02-24 10:26   1951   ----a-w-   c:\windows\NvContainerRecovery.bat
2017-02-23 08:28 . 2016-08-18 05:54   6401984   ----a-w-   c:\windows\system32\nvcpl.dll
2017-02-23 08:28 . 2016-08-18 05:54   2479160   ----a-w-   c:\windows\system32\nvsvc64.dll
2017-02-23 08:28 . 2016-08-18 05:54   83512   ----a-w-   c:\windows\system32\nv3dappshextr.dll
2017-02-23 08:28 . 2016-08-18 05:54   69568   ----a-w-   c:\windows\system32\nvshext.dll
2017-02-23 08:28 . 2016-08-18 05:54   548288   ----a-w-   c:\windows\system32\nv3dappshext.dll
2017-02-23 08:28 . 2016-08-18 05:54   392128   ----a-w-   c:\windows\system32\nvmctray.dll
2017-02-23 08:28 . 2016-08-18 05:54   1764408   ----a-w-   c:\windows\system32\nvsvcr.dll
2017-02-23 06:38 . 2016-08-18 05:54   7807027   ----a-w-   c:\windows\system32\nvcoproc.bin
2017-02-22 23:42 . 2017-03-15 10:00   84712   ----a-w-   c:\windows\system32\CompatTelRunner.exe
2017-02-22 23:37 . 2017-03-15 10:00   1285632   ----a-w-   c:\windows\system32\aeinv.dll
2017-02-18 14:05 . 2017-03-15 10:00   646656   ----a-w-   c:\windows\system32\generaltel.dll
2017-02-18 14:05 . 2017-03-15 10:00   1609216   ----a-w-   c:\windows\system32\appraiser.dll
2017-02-11 15:58 . 2017-03-15 10:52   462848   ----a-w-   c:\windows\system32\drivers\srv.sys
2017-02-11 15:58 . 2017-03-15 10:52   405504   ----a-w-   c:\windows\system32\drivers\srv2.sys
2017-02-11 15:58 . 2017-03-15 10:52   168960   ----a-w-   c:\windows\system32\drivers\srvnet.sys
2017-02-10 16:32 . 2017-03-15 10:52   803328   ----a-w-   c:\windows\system32\usp10.dll
2017-02-10 16:17 . 2017-03-15 10:52   628736   ----a-w-   c:\windows\SysWow64\usp10.dll
2017-02-10 14:33 . 2017-03-15 10:52   1251328   ----a-w-   c:\windows\SysWow64\DWrite.dll
2017-02-09 16:32 . 2017-03-15 10:52   40960   ----a-w-   c:\windows\system32\WcsPlugInService.dll
2017-02-09 16:31 . 2017-03-15 10:52   625664   ----a-w-   c:\windows\system32\mscms.dll
2017-02-09 16:31 . 2017-03-15 10:52   250880   ----a-w-   c:\windows\system32\icm32.dll
2017-02-09 16:14 . 2017-03-15 10:52   481792   ----a-w-   c:\windows\SysWow64\mscms.dll
2017-02-09 16:14 . 2017-03-15 10:52   215040   ----a-w-   c:\windows\SysWow64\icm32.dll
2017-02-09 15:51 . 2017-03-15 10:52   32768   ----a-w-   c:\windows\SysWow64\WcsPlugInService.dll
2017-02-09 14:06 . 2017-03-15 10:52   1648128   ----a-w-   c:\windows\system32\DWrite.dll
2017-02-09 14:06 . 2017-03-15 10:52   1180160   ----a-w-   c:\windows\system32\FntCache.dll
2017-02-06 16:14 . 2017-03-15 10:52   733696   ----a-w-   c:\windows\HelpPane.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2016-07-07 399224]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2016-07-05 3948600]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"CCleaner"="c:\program files\CCleaner\CCleaner64.exe" [2016-06-10 8810200]
"BackgroundSwitcher"="c:\program files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe" [2016-10-30 121688]
"GlassWire"="c:\program files (x86)\GlassWire\glasswire.exe" [2017-03-21 5791696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-08-25 293872]
.
c:\users\Mick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PIVX.lnk - c:\program files\Pivx\pivx-qt.exe -min [2017-4-19 29835280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages   REG_MULTI_SZ      scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

R2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe

R3 CLink4Service;Corsair Link 4;c:\program files (x86)\CorsairLink4\CorsairLink4.Service.exe;c:\program files (x86)\CorsairLink4\CorsairLink4.Service.exe

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys

R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe

R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe

R3 iumsvc;Intel(R) Update Manager;c:\program files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe;c:\program files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys

R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys;c:\windows\SYSNATIVE\DRIVERS\RTL2832U_IRHID.sys

R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys;c:\windows\SYSNATIVE\drivers\RTL2832UBDA.sys

R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys;c:\windows\SYSNATIVE\Drivers\RTL2832UUSB.sys

R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys

S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys

S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys

S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys

S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys

S0 nvme;nvme;c:\windows\system32\DRIVERS\nvme.sys;c:\windows\SYSNATIVE\DRIVERS\nvme.sys

S0 nvmeF;nvmeF;c:\windows\system32\DRIVERS\nvmeF.sys;c:\windows\SYSNATIVE\DRIVERS\nvmeF.sys

S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys

S1 EpfwLWF;ESET Personal Firewall;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys

S1 gwdrv;GlassWire Driver;c:\windows\system32\DRIVERS\gwdrv.sys;c:\windows\SYSNATIVE\DRIVERS\gwdrv.sys

S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe

S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe

S2 ekbdflt;ekbdflt;c:\windows\system32\DRIVERS\ekbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\ekbdflt.sys

S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe;c:\program files\ESET\ESET Smart Security\ekrn.exe

S2 GlassWire;GlassWire Control Service;c:\program files (x86)\GlassWire\GWCtlSrv.exe;c:\program files (x86)\GlassWire\GWCtlSrv.exe

S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys

S2 Intel(R) ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe

S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe

S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

S2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe

S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe;c:\program files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe

S2 WinZip Smart Monitor Service;WinZip Smart Monitor Service;c:\program files\WinZip Smart Monitor\WinZip Smart Monitor Service.exe;c:\program files\WinZip Smart Monitor\WinZip Smart Monitor Service.exe

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys

S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys

S3 btwampfl;btwampfl;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys

S3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d62x64.sys

S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys

S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys

S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys;c:\windows\SYSNATIVE\drivers\SiUSBXp.sys

.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ESPROTECTIONDRIVER
*NewlyCreated* - GWDRV
*Deregistered* - ESProtectionDriver
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation   REG_MULTI_SZ      SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2017-04-05 00:38   323664   ----a-w-   c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2015-08-14 13:52   25624   ----a-w-   c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2016-11-08 9068040]
"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2016-11-08 1476104]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2017-01-19 2780112]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: eset.com\help
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-SIUSBXP&1B1C&1C00 - c:\program files (x86)\Silabs\MCU\USBXpress\DriverUninstaller.exe USBXpress\SIUSBXP&1B1C&1C00
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3605924061-2812923310-3988586812-1000_Classes\Wow6432Node\CLSID\{1c267702-557a-4890-b0dd-4a9edef2a76a}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000106
"Therad"=dword:0000000f
.
[HKEY_USERS\S-1-5-21-3605924061-2812923310-3988586812-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):48,dc,27,65,ce,29,00,3e,62,e1,c6,0c,a3,8d,b0,36,97,f1,60,9f,e8,
   da,15,39,bc,61,33,1d,31,72,b2,97,68,0f,77,7a,f2,0a,7d,08,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-05-05  20:54:43
ComboFix-quarantined-files.txt  2017-05-05 10:54
.
Pre-Run: 176,136,314,880 bytes free
Post-Run: 175,593,807,872 bytes free
.
- - End Of File - - D614F7A0C7EC6FF5116106D2B68FC1F4










KL-Detector has found some suspicious files:
C:\Users\Mick\AppData\Roaming\johnsadventures.com\Background Switcher\Status.xml
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
C:\ProgramData\Malwarebytes\MBAMService\S-1-5-19-05042017194731123-ntuser.dat
C:\ProgramData\Malwarebytes\MBAMService\S-1-5-21-3605924061-2812923310-3988586812-1000-05042017194719720-ntuser.dat
C:\ProgramData\WinZip\WinZip.addon
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
C:\Windows\inf\setupapi.app.log
C:\ProgramData\NVIDIA Corporation\nvstapisvr\nvstapisvr.log
C:\Users\Mick\Desktop\mbar\system-log.txt
C:\Users\Mick\Desktop\mbar\Data\Configuration\local.conf
C:\ProgramData\ESET\ESET Smart Security\HipsRules.bin
C:\ProgramData\ESET\ESET Smart Security\local.db
C:\Users\Mick\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\db53b23fd1edbd46.automaticDestinations-ms

Please check; someone might have installed a keylogger on your computer!


You MAY want to take a look at:
C:\ProgramData\Malwarebytes\MBAMService\
C:\ProgramData\Malwarebytes\
C:\ProgramData\Malwarebytes\MBAMService\config\
C:\ProgramData\WinZip\
C:\Users\Mick\AppData\Roaming\Microsoft\Windows\Recent\
C:\Users\Mick\AppData\Roaming\PIVX\
C:\Windows\System32\config\
C:\Windows\Temp\
C:\Windows\
C:\Users\Mick\
C:\Users\Mick\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\
C:\Users\Mick\AppData\Local\Temp\
C:\ProgramData\NVIDIA Corporation\nvstapisvr\
C:\Users\Mick\AppData\Local\Microsoft\Windows\
C:\System Volume Information\
C:\Users\Mick\Desktop\mbar\
C:\Users\Mick\AppData\Local\
C:\Users\Mick\Desktop\
C:\ProgramData\Malwarebytes' Anti-Malware (portable)\
C:\ProgramData\ESET\ESET Smart Security\
C:\Users\Mick\AppData\Local\Temp\wz9c7d\NanoWallet\vendors\
C:\Users\Mick\AppData\Local\Google\Chrome\User Data\
C:\Users\Mick\AppData\Local\Google\Chrome\User Data\Default\
C:\Users\Mick\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\

[MisO69]

Hey bub, you fucked up large.

Here is where..

mickeyspit [7:40 PM]

{
    "masternode" : {
        "alias" : "masternode1",
        "address" : "45.76.116.209:51472",
        "privateKey" : "88D4bbFt9NgZ1WLHkJPdMicVfDpy9cVbudo8Q8yboLmYgyahaKp",
        "txHash" : "480a03bc5594f33ffa1d5c9e65eebcfbc116b53ca342510ef3b612e2d87cf652",
        "outputIndex" : "1",
        "status" : "ENABLED"
    }
}



Why would you post your private key anywhere? I thought you said you know what your doing.

If I seen this I would have told you to transfer your funds to a new address immediately. Instead you were on a slack with a bunch of scammers. They should have pointed this out for you. But instead they all likely tried to steal your funds, first one got it..

This is how:

Open PivX wallet with synced blockchain then type importprivkey 88D4bbFt9NgZ1WLHkJPdMicVfDpy9cVbudo8Q8yboLmYgyahaKp and I have access to all of your funds. Transfer to a new account.. That's how this was done.

Sorry its gone, you'll never get it back or know who did this.

[Rahar02]

Hey bub, you fucked up large.

Here is where..

mickeyspit [7:40 PM]

{
    "masternode" : {
        "alias" : "masternode1",
        "address" : "45.76.116.209:51472",
        "privateKey" : "88D4bbFt9NgZ1WLHkJPdMicVfDpy9cVbudo8Q8yboLmYgyahaKp",
        "txHash" : "480a03bc5594f33ffa1d5c9e65eebcfbc116b53ca342510ef3b612e2d87cf652",
        "outputIndex" : "1",
        "status" : "ENABLED"
    }
}



Why would you post your private key anywhere? I thought you said you know what your doing.

If I seen this I would have told you to transfer your funds to a new address immediately. Instead you were on a slack with a bunch of scammers. They should have pointed this out for you. But instead they all likely tried to steal your funds, first one got it..

This is how:

Open PivX wallet with synced blockchain then type importprivkey 88D4bbFt9NgZ1WLHkJPdMicVfDpy9cVbudo8Q8yboLmYgyahaKp and I have access to all of your funds. Transfer to a new account.. That's how this was done.

Sorry its gone, you'll never get it back or know who did this.

Looks like the thief got enough money from those hack things, he is better than Op.
But, if that's true that Op has posted his crucial part of wallet, than it's even worse than just get hacked.
PivX coin price should be drop a bit due to this 'serial killer' (hacker) activities.

[smokim87]

Hey bub, you fucked up large.

Here is where..

mickeyspit [7:40 PM]

{
    "masternode" : {
        "alias" : "masternode1",
        "address" : "45.76.116.209:51472",
        "privateKey" : "88D4bbFt9NgZ1WLHkJPdMicVfDpy9cVbudo8Q8yboLmYgyahaKp",
        "txHash" : "480a03bc5594f33ffa1d5c9e65eebcfbc116b53ca342510ef3b612e2d87cf652",
        "outputIndex" : "1",
        "status" : "ENABLED"
    }
}



Why would you post your private key anywhere? I thought you said you know what your doing.

If I seen this I would have told you to transfer your funds to a new address immediately. Instead you were on a slack with a bunch of scammers. They should have pointed this out for you. But instead they all likely tried to steal your funds, first one got it..

This is how:

Open PivX wallet with synced blockchain then type importprivkey 88D4bbFt9NgZ1WLHkJPdMicVfDpy9cVbudo8Q8yboLmYgyahaKp and I have access to all of your funds. Transfer to a new account.. That's how this was done.

Sorry its gone, you'll never get it back or know who did this.

Looks like the thief got enough money from those hack things, he is better than Op.
But, if that's true that Op has posted his crucial part of wallet, than it's even worse than just get hacked.
PivX coin price should be drop a bit due to this 'serial killer' (hacker) activities.

Your actually are called the person who stole the coins a hacker lol? Any retard that knows how private keys work could of took the coins.

Well OP, there's a 13k lesson to remember. You might want to familiarize yourself more with crypto before holding such amounts of cash.

[Mickeyspit]

That is the masternode private key. All that is, is used to verify the collateral in your controller wallet
It cannot be used to restore a wallet

[Mickeyspit]

i have sent virus/malware scan tool logs to bleepingcomputer forum to try find evidence that i was hacked

if i was hacked there must be some evidence of it right? as im not a hacker i dont know. Can they erase all traces of contact?

https://www.bleepingcomputer.com/forums/t/645998/10000-pivx-stolen-20000aud-trojan-horse/

[Xalib]

if i was hacked there must be some evidence of it right? as im not a hacker i dont know. Can they erase all traces of contact?

You obviously have no idea of this field.
There does not have to be any traces of a hack (although often there are) but even if there would you would not understand them.


Can anybody confirm the private key he posted is not a key enabling anybody to take the coins?
If it was you can end your search.

[Mickeyspit]

if i was hacked there must be some evidence of it right? as im not a hacker i dont know. Can they erase all traces of contact?

You obviously have no idea of this field.
There does not have to be any traces of a hack (although often there are) but even if there would you would not understand them.


Can anybody confirm the private key he posted is not a key enabling anybody to take the coins?
If it was you can end your search.

s3v3nh4acks the lead devoper of PIVX told me the key I posted  (in private chat) cannot be used take my coins.

Bullshit I would not understand them? Give me an example.? 

I bought first alt coin one month ago and learning fast. U expect crypto noobs to know everything?

U have no fucking idea dickhead