What is SVCHOST?
You will notice that most ports are held by one of the many instances of svchost.exe. Most Windows services are not full executables, merely DLLs. These DLLs must be loaded by a host executable like SVCHOST. This saves system resources at the expense of security. To determine which services are running under a specific instance of SVCHOST, open a command prompt and enter:
Svchost usually runs as one of three special users: SYSTEM, LOCAL SERVICE, or NETWORK SERVICE. Unfortunately, even the system administrator does not have sufficient rights to kill SVCHOST when it runs as one of these three users.