use process explorer and see whats running under the svchost, it might be windows update which is casuing it but troublshoot

Yes,

Download Process Explorer from Microsoft website and then run it.

In the process, right click SVCHOST.exe process and go to properties. Look for the actual location of file.

It could be threat also.

Also check your registry entry HKLM>Software>Microsoft>Windows>CurrentVersion>Run

Look for any suspicious file.

If found submit it to https://submit.symantec.com/gold or https://submit.symantec.com/platinum

rgrds,
SAM

Processor explorer free sysinternals tools will help you to analyze the threads

 it runs even after i disconnect network cable

When a virus still runs after disconnecting from the network, it has some rootkit on it.
Run procmon and check what DLL hooks onto it.

Any unknown or looks suspicious DLL, do submit it to Symantec submission.
Else check the svchost file . See if it was run from a non-normal location ie c:\windows\system or c:\windows .
If yes, do submit it also.

try formatting the primary partition .Remember dont open the other partitions until you install symantecAV
then install Symantec Av and run run a virus check .I doubt other partitions may contain a virus.