There are two rootkits that is root cause of c:\windows\svchost.exe
zero access & TDL4/MAXSS (mostly pihar )
As you say that you have winrscmde pop up,it should be rootkit boot.pihar.TDSSkiller should cure it
http://support.kaspersky.com/downloads/utils/tdsskiller.exe
Restart the PC,If MBAM still detects svchost.exe,remove it and re scan,it should come clean.
Do not mess up C:\windows\system32\svchost.exe,this is valid file
good luck
