Info I got on it
Any time you see ConHost.exe it means that a non-GUI program is being executed. This happens when you open the Command Prompt or when an application installer needs to run a standard "DOS" command as part of the installation routine. It's very normal to have the ConHost.exe process come and go, and should only be cause for concern if you have many (20-30+) instances for more than a few moments. Further, it's quite proper that you would observe program and service start/stop activity in connection with ConHost.exe processes starting and stopping, as it is at these times in a program's lifecycle that they'll often need to interact with a non-GUI application.
If you wish to dig in more deeply, the article
http://blogs.technet.com/b/askperf/archive/2009/10/05/windows-7-windows-server-2008-r2-console-host.aspx explains the new addition (as of Windows 7) that is ConHost.exe and the problem it is meant to solve::
In previous versions of Windows [that is, prior to Windows 7], all GUI activity on behalf of non-GUI applications that ran on the desktop (console applications) was brokered by the system process CSRSS.exe.
If you know much about how Windows handles separation of privilege between users, you might correctly see a potential weakness, confirm as the article continues:
The problem with this was that even if an application ran in the context of a regular user’s account, CSRSS.EXE runs under the Local System account. So it was possible under certain circumstances for malware to exploit weaknesses in an application in order to execute code under the more privileged Local System account in CSRSS.EXE.
Windows 7 permanently changed that model by introducing the ConHost.exe process:
This exposure was addressed in Windows 7 and Windows Server 2008 R2 by running the console messaging code in the context of a new process, ConHost.exe. ConHost (Console Host) runs in the same security context as its associated console application. Instead of issuing an LPC request to CSRSS for message-handling, the request goes to ConHost.
Hope that helps!