Except for all the javascript, flash, pdfreader, cross-site-scripting and other stuff that is prevalent today, which all happens as a result of a user-initiated action, not an open port. Also, if you got a drive-by virus from one of the ad-rotation injection attacks on a web browser you left open before you went to bed, it could be sitting there collecting documents/passwords/etc. and infecting other machines on your LAN all night long. By the time you clone your hard drive from the good image, the damage is mostly already done.