Pac-Man

I have a server that's infected with Malware conhost.exe. I've completed steps from these forum posts listed below. https://forums.malwarebytes.com/topic/235964-malware-conhostexe/?page=2 https://www.bleepingcomputer.com/virus-removal/remove-console-window-host-conhost.exe-monero-miner#rkill The Malware Bytes app seems to keep it from starting up again, but I can't seem to keep it from being created in the c:windows\temp directory after reboot. Below are my registry exports. Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] When you right click on the process in the first picture the conhost.exe process is being run from the c:windows\temp directory. After I install the Malware bytes application that conhost.exe process doesn't show back up as running. The last step is to stop the conhost.exe file from being created in the c:windows\temp directory after a reboot.