I'm glad the Tcpview scan looks ok. Here's a follow-up on your last:
In your last msg you wrote: ..."126.96.36.199 is your MS Hotmail". Interesting, as I have never had Hotmail or used Hotmail.
Abacast is something I use to get a webcast.
As for what my friend was seeing, I'm just repeating what I thought I heard him say, so it's possible (likely) that I have something wrong or out of context, but I thought I heard him say he wanted to check out those port assignments in the 50000+ range. If it looks ok now, that's good I presume.
In place of TDSSKiller he told me to do the process documented here: http://www.techspot.com/vb/topic143469.html
That's the process we were doing when the crashes of the anti-malware tools and his having to leave led me to contact you (I would contact him but I don't really want to bug him right now as he dealing with a death in the family).
There are some other worrisome behaviors still happening even though two viruses have been removed (the one removed by Malwarebytes noted in the original post, and the Java .jar file virus we just removed with CCleaner).
1) The Avira anti-virus full scan locks and stops on the the same directory as before and now at this file (they always seem to stop on this file or the ehiVidCtl.ni.dll one in the first post):
2) Ran MalwareBytes full scan and it stops on the same file and crashes Windows when I tried to close it.
3) GMER still gives the error "C:\windows\system32\Config\system: The system cannot find the file specified", but ran and said "No system modifications found".
Two misc. items: 1) I did not update the Microsoft patch Tuesday updates yet. 2) Is it normal that I cannot see the "NativeImages_v2.0.50727_32" dir in explorer [logged as administrator, show hidden & system files selected])?
So this machine has still not had a successful full-system scan since Feb. Is this malware killing these processes?
Phishing calls: The first one went to my brother at his work within one hour of my first system crash (when I tried to upgrade Avira to its ver. 10). The caller left a name that was my first name and last initial. It's the name on a Yahoo mail account that was logged on at the time of the crash. On further inquiry with others on my contacts list, I can't tell for sure whether their their junk calls and spam are connected to this or not.