Thread: Warning Msn!!
09-06-2008, 10:36   #29
Less
Grand Wizard Of The Inner Clique
 
Re: Warning Msn!!

It looks like it's a Trojan called:-

scvhost,


Please Note!

SVCHOST.EXE is a Windows process.
SCVHOST.EXE is a trojan.

After several Google sessions I've found this site; after following their instructions I found it and eliminated it:-

http://forums.techguy.org/malware-re...s-closing.html


Although the title of this page is:

Solved: explorer.exe keeps closing. possible virus?

I found references elsewhere connecting the Trojan to MSN, this just seems to be a good method of removing it.

To save you printing the lot out I've pasted their instructions below:-

Download SDFix and save it to your Desktop.

* Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix and remove some of its embedded files which may cause "unpredictable results".
* Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
* Remember to re-enable the protection again afterwards before connecting to the Internet.


Double-click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following:

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

* Open the c:\SDFix folder and double click RunThis.cmd to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back to the thread.


Next

Click here to download Dr.Web CureIt and save it to your desktop.

* Double-click the drweb-cureit.exe file and Allow to run the express scan
* This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
* Once the short scan has finished, mark the drives that you want to scan.
* Select all drives. A red dot shows which drives have been chosen.
* Click the green arrow at the right, and the scan will start.
* Click 'Yes to all' if it asks if you want to cure/move the file.
* When the scan has finished, look if you can click next icon next to the files found:
* If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
* After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
* Save the report to your desktop. The report will be called DrWeb.csv
* Close Dr.Web CureIt.
* Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
* After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new HijackThis log.



Read through the instructions carefully several times before attempting the cure.

When SDFix is scanning in safe mode it can look as if nothing is happening, PLEASE be patient and allow the scan to finish, (it will ask you to re-boot when it's finished).

I hope this helps,
cheers all,
Less.
__________________
“I am a Bear of Very Little Brain, and long words bother me.”
Winnie the Pooh
Quotes & quoting

Last edited by Less; 09-06-2008 at 10:40.
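
The SVCHOST.EXE / SCVHOST.EXE distinction in the post above can be checked mechanically over a process listing. The following is an added example, not part of the original post or of the linked instructions; it goes slightly beyond the post by also flagging a correctly spelled svchost.exe that runs outside the system directories. The reference names, the directories (assuming Windows is installed in C:\Windows) and the sample paths are assumptions constructed for illustration.

```python
# Added example. Reference names and directories are assumptions; extend as needed.
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe", "services.exe", "winlogon.exe"}
SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}  # assumes C:\Windows


def osa_distance(a, b):
    """Edit distance where insert, delete, substitute and adjacent swap cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # swapped pair, e.g. "cv" vs "vc"
    return d[len(a)][len(b)]


def check_process(image_path):
    """Return a finding string for a suspicious image path, else None."""
    path = image_path.lower()
    directory, _, name = path.rpartition("\\")
    if name in SYSTEM_NAMES:
        if name == "svchost.exe" and directory not in SVCHOST_DIRS:
            return "svchost.exe outside system directory: " + image_path
        return None
    for real in sorted(SYSTEM_NAMES):
        if osa_distance(name, real) == 1:  # one typo away from a real name
            return "lookalike of " + real + ": " + image_path
    return None


def scan(paths):
    return [finding for finding in map(check_process, paths) if finding]


# Constructed sample data, not taken from a real host.
SAMPLE_PROCESSES = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\system32\scvhost.exe",
    r"C:\Documents and Settings\user\svchost.exe",
    r"C:\WINDOWS\explorer.exe",
]

if __name__ == "__main__":
    print("\n".join(scan(SAMPLE_PROCESSES)))
```

A hit from this check is a reason to inspect the file, not proof of infection; unrelated programs can have names one character away from a system binary.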