Okay, a few months ago I was infected with sweetpacks, which I thought I had cleaned. Several sweeps with MBAM and Bitdefender, among other tools, showed a clean system, or so I thought. I have several terabytes of data, so deep sweeps are a major undertaking, and do not happen as often as they should I'm afraid. Anyway, saw something suspicious in my task manager after some odd behavior over the past week or so, and discovered conhost.exe appearing without image path name or command line entries. I attempted to access or shut it down, and access denied. I clicked show processes from all users, and suddenly it shows a path name and command line, which oddly begins with \??\C:\ followed by the rest of the information. Thinking this odd, I tried Googling "\??\C:\" only to get absolutely nothing helpful. I simply have no clue what this is. So I go into safe mode and do 11 hours of MBAM to find 8 infections, seven of which are related to sweetpacks, which somehow managed to re-install itself after I re-installed Firefox a couple of weeks ago (I know it's related because one of the sweetpacks infections was the toolbar for Firefox which I had removed from IE and Chrome some time ago), and I also discovered that Core Temp, which is a utility I had been using for a few months, apparently carried with it an unwanted payload. I have since cleaned these infections, or at least the tools I'm using say they're gone. But when I return to standard mode and check Task Manager, the conhost.exe appears just as before--inaccessible and without information about its source unless I check show processes from all users. What is happening here? Do I have an infection? How can I be certain? OS: Windows 7 Ultimate Not sure what else you need to know.
Thanks ahead of time for any help with this.