According to ProcExploder, all conhost windows were pointing to a Quictime associated Java file that was left in the Java install directory after Java was uninstalled months ago. I deleted the orphaned directory and rebooted and all he** broke loose... lol. CPU @ 100%, RAM steady climbing and dll processes kept multiplying. Rebooted and the conhost entries stayed the same but now point to WindowsPowerShell.
Something was using IE as after I deleted the Java directory and rebooted I got a window informing me that IE had quit working > do I want to close or check for a fix or whatever...
Must still be infected.
Previously (after removing as much of infection that I could) ran Bitdefender, SAS and MBAM. They found some minor leftovers and found the system clean.
Oh, well. Back to bricking my machine....lol
Edit: The assoc attributed to these conhost entries are COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
Edited by bludgard, 04 November 2014 - 05:57 PM.