Hi - I had an infection that continually put a bitcoin miner exe file in my C:\Windows folder and it started up randomly. Some of these were caught by Malwarebytes but most were not, but even after deleting them, new ones reappeared, always with a different name (e.g. moy.exe). Tried everything, went through all the advice on this forum, nothing worked. I tried a competing software programme (not sure if I'm allowed to mention the name here) and it was found.

Details:

C:\Windows\System32\wensrSvc.dll
Size . . . . . . . : 1,688,064 bytes
Age . . . . . . . : 10.9 days (2014-01-06 22:34:18)
Entropy . . . . . : 7.9
SHA-256 . . . . . : A519FA9B9E916959EF9751DBB3AECAE561D20BD67C60791363DB14FFBFBB68C3
Service . . . . . : wensrSvc
Fuzzy . . . . . . : 26.0

Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Starts automatically as a service during system bootup.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program starts automatically without user intervention.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.

Startup
HKLM\SYSTEM\CurrentControlSet\Services\wensrSvc\

Anyway, it's totally fixed now (thank goodness!) and I wanted to warn other users of this. Simple to remove, just delete this file and any similar ones (there was also a wensrSvc.ocx file). Best of luck!!
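
Two of the heuristics in the scan report above (high entropy and recent appearance), as an added example that is not part of the original post or of any scanner's code. The thresholds, the use of modification time as "age", and all function names are assumptions made for illustration.

```python
import math
import os
import time
from collections import Counter

# Assumed cut-offs for illustration; the report above does not state its own.
ENTROPY_THRESHOLD = 7.5   # bits per byte; packed or encrypted data approaches 8.0
RECENT_DAYS = 30          # "appeared recently" window
EXTENSIONS = (".exe", ".dll", ".ocx")   # file types named in the post

def file_entropy(path, chunk_size=1 << 20):
    """Shannon entropy of a file's bytes, from 0.0 (constant) to 8.0 (uniform)."""
    counts, total = Counter(), 0
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            counts.update(chunk)
            total += len(chunk)
    if total == 0:
        return 0.0
    return sum(c / total * math.log2(total / c) for c in counts.values())

def triage(path, now=None):
    """Return entropy, age in days (from mtime, an assumption) and raised flags."""
    now = time.time() if now is None else now
    entropy = file_entropy(path)
    age_days = (now - os.path.getmtime(path)) / 86400
    flags = []
    if entropy >= ENTROPY_THRESHOLD:
        flags.append("high-entropy")
    if age_days <= RECENT_DAYS:
        flags.append("recent")
    return {"path": path, "entropy": round(entropy, 2),
            "age_days": round(age_days, 1), "flags": flags}

def scan(directory, now=None):
    """Triage binaries directly inside `directory`; keep those raising both flags."""
    hits = []
    for entry in os.scandir(directory):
        if entry.is_file() and entry.name.lower().endswith(EXTENSIONS):
            try:
                result = triage(entry.path, now)
            except OSError:
                continue   # unreadable or locked file: skip, do not abort the scan
            if len(result["flags"]) == 2:
                hits.append(result)
    return sorted(hits, key=lambda r: r["entropy"], reverse=True)

if __name__ == "__main__":
    for hit in scan(os.environ.get("SystemRoot", ".")):
        print(hit)
```

Legitimately compressed or packed binaries also score high, so a hit is a lead for closer inspection rather than a verdict.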