If you've been infected by spyware or a virus then this will often try to make an internet connection, "phoning home" for more instructions on what to do next. And to make this happen it will need to open a TCP/IP or UDP port on your PC. If you're worried you've been infected by malware, then, run CurrPorts may tell you more. It'll list every currently open port, and (usually) the process that opened it, giving you a good chance of detecting any suspicious activity.
Don't panic just because CurrPorts has a lengthy list of programs, though. That's quite normal, and most of these will be innocent. On our test PC, for instance, processes with open ports included AppleMobileDeviceService (an iTunes component), our antivirus tool, Internet Explorer, Outlook, Skype, and lots of Windows components (lsass.exe, services.exe, svchost.exe, wininit.exe and more).
To get a better feel for potentially risky connections, check the CurrPorts Remote Address and Remote Host Name columns. If these are blank, or list addresses that correspond to your PC or network (0.0.0.0, 127.0.0.1, a network address or your PCs network name) then the connection is unlikely to be a problem. If the remote address corresponds to an internet IP address, though, and you don't recognise the process responsible for the connection, then that may require more investigation.
The program can also close particular connections on request (right-click and select the Close option). And if you click View > HTML Report then CurrPorts will produce a detailed report on everything it's discovered. Save this now, and you'll have a baseline that shows the ports your PC has open normally. Then, if you run CurrPorts in a month, say, any new open reports will be immediately obvious.
- Added separated display filter for every TCP state, under Options -> State Display Filter ('Display Syn-Sent', 'Display Time Wait', and more...)
A useful tool that deserves a place in your security toolkit