I found something similar a few months ago while using <a href="http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx">Sysinternal's TCPView</a>, and after some research I found this (but this is exclusive for TCPView, so if you are using other monitoring software this might not apply): "Notes - Svchost.exe is related to various Windows Services. A Remote Address of *.* means the port is open but not connection to anything. TCPView may show that the System Idle process (PID 0) is using some TCP ports. This behavior may occur if a local program connects to a TCP port, and then stops. The program's TCP connection to the port may be left in a "Timed Wait" state even though the program is no longer running. In this case, TCPView may detect that the port is in use. However, TCPView cannot identify the program that is using the port because the program has stopped and the PID was released." -CarlosDL ----------

I found something similar a few months ago while using <a href="http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx">Sysinternal's TCPView</a>, and after some research I found this (but this is exclusive for TCPView, so if you are using other monitoring software this might not apply): "Notes - Svchost.exe is related to various Windows Services. A Remote Address of *.* means the port is open but not connection to anything. TCPView may show that the System Idle process (PID 0) is using some TCP ports. This behavior may occur if a local program connects to a TCP port, and then stops. The program's TCP connection to the port may be left in a "Timed Wait" state even though the program is no longer running. In this case, TCPView may detect that the port is in use. However, TCPView cannot identify the program that is using the port because the program has stopped and the PID was released." -CarlosDL ----------