Well, it may be a trojan...
It's only possible if they are using a kernel rootkit, because it hides the process threads from the user by modifying the kernel's functioning.
And as netstat -a shows all the connections with port numbers, the trojan may have modified how netstat -a functions, or replaced it with a lookalike copy which is hiding that trojan.
You can try a port scanner to scan all the ports (not nmap, because in the current Windows version it doesn't have the ability to scan itself).
So you can try any commercial trojan scanner to see if it can see the ports, if it has modified the netstat command.
But if a rootkit is installed, try using a rootkit scanner.
Also, when anything like this happens, just make a log of netstat -a and compare it to when it's working fine.
Well, that's my way of thinking...
ashtified_85
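
The baseline comparison suggested in the post above, as an added example that is not part of the original post: it diffs two saved captures by listener and by remote endpoint, so changing ephemeral local ports do not produce noise. It assumes the captures were saved in numeric form (`netstat -an`), the sample data and function names are constructed for illustration, and it can only report what netstat itself prints.

```python
# Constructed sample captures in Windows `netstat -an` layout (not real data).
BASELINE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1042      203.0.113.5:80         ESTABLISHED
  UDP    0.0.0.0:123            *:*
"""
CURRENT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8181           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1077      203.0.113.5:80         ESTABLISHED
  TCP    192.168.1.10:1078      198.51.100.23:6667     ESTABLISHED
  UDP    0.0.0.0:123            *:*
"""

def parse_netstat(text):
    """Return (proto, local, foreign, state) rows; UDP rows have no state."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue  # column header or blank line
        rows.append((parts[0], parts[1], parts[2], parts[3] if len(parts) > 3 else ""))
    return rows

def summarize(rows):
    """Key listeners by local address and connections by remote endpoint."""
    listeners, remotes = set(), set()
    for proto, local, foreign, state in rows:
        if state == "LISTENING" or proto == "UDP":
            listeners.add((proto, local))
        elif state == "ESTABLISHED":
            remotes.add((proto, foreign))  # local ephemeral port is ignored
    return listeners, remotes

def diff_captures(baseline, current):
    base_l, base_r = summarize(parse_netstat(baseline))
    cur_l, cur_r = summarize(parse_netstat(current))
    return {"new_listeners": sorted(cur_l - base_l),
            "gone_listeners": sorted(base_l - cur_l),
            "new_remotes": sorted(cur_r - base_r)}

if __name__ == "__main__":
    for kind, items in diff_captures(BASELINE, CURRENT).items():
        print(kind, items)
```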