Check the process with another tool such as TCPView from Microsoft. It will show process names with ports open with PID, protocol, local address, local port, remote address, remote port, as well as sent and received packets and bytes for each entry. Look for process ID 4 in its list. When you have located it, if you double-click on an entry, or right-click and choose "Process Properties", it will show the path and file name associated with the process. You could upload the file to Google's VirusTotal site, which checks uploaded files with multiple antivirus programs, to check whether it might be a system file that was replaced by malware, though it is possible that what you are seeing is due to some quirk of the tool. Once you have the location of the file associated with the process, you could right-click on it in the Microsoft Windows Explorer, choose "Properties", then select "Digital Signatures"; if it is a legitimate program, the name of the signer should be "Microsoft Corporation".
Another free tool that provides functionality similar to TCPView, is CurrPorts from NirSoft.