Laptop Duqu malware help!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by EcoGeek, Jan 26, 2012.

  1. EcoGeek

    EcoGeek Private E-2

    Just recently my laptop received a blue screen indicating a stack overflow in the kernel, which it never did before. Upon rebooting, some of my malware and spyware programs would not load, and those that did had real-time protection checked off. WinPatrol did not load at all, even when I went into the folder and clicked on the application. Received the blue screen again with stack overflow. Rebooted, and all my system restore points were erased. In folder options, all options to hide Windows system files and operating system files were unchecked.

    I went into safe mode and ran all the antivirus programs and malware programs, and everything checked out OK except Avira found a hidden file it could not read. Ran that file through SAS and the VirusTotal online scan and it checked out fine.

    I rebooted into normal mode and everything was fine. I shut down the computer, and the next day when I rebooted it would not boot into normal mode. The Windows screen came up, but the antivirus and anti-malware programs would not load.

    Reference Embedded OpenType Font Heap Overflow Vulnerability - CVE-2009-0231 http://technet.microsoft.com/en-us/security/bulletin/ms09-029

    http://***********.com/business/news/2011/11/microsoft-fails-to-patch-duqu-but-fixes-critical-hole-in-windows-tcpip-stack.ars

    "Duqu-based attacks could allow attackers to run arbitrary code in kernel mode, allowing them to install programs; view, change or delete data; or create new accounts with full user rights. But Microsoft is still developing a permanent fix to the software, which will be included in either a future monthly update or an out-of-band patch, if it is ready earlier. "

    I have Windows 7 Ultimate 32-bit with Avira Pro, SAS Pro, Malwarebytes Pro, Spybot, SpywareBlaster, Windows Defender, WinPatrol Pro, with the Firefox browser. Windows 7 has all of the latest Microsoft security updates installed.

    Could there be an unknown installed program, or maybe the Windows kernel is compromised? Could there be new accounts with full user rights hidden and embedded somewhere? Changes to my security policies?

    I notice a lot of outbound traffic from System on TCP and UDP now to ps.mshome.net: netbios-ssn, netbios-dgm, netbios-ns over TCP/IP.

    Begin scan in 'C:\Windows\winsxs\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.1.7601.17514_none_b7c78d327d35e10e\'
    C:\Windows\winsxs\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.1.7601.17514_none_b7c78d327d35e10e\t2embed.dll
    [WARNING] The file could not be opened!

    I could not open, copy or delete this file. The message stated I did not have admin rights. I was in admin mode.


    Any help or suggestions will be appreciated.

    Thanks
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    HijackThis logs are of very little use these days, which is why our instructions state not to post them.

    Please follow the instructions in the below link in Normal Boot mode if possible:

    READ & RUN ME FIRST. Malware Removal Guide


    and attach the requested logs when you finish these instructions.
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Too many!!!
    I suggest that you uninstall Spybot, Windows Defender and WinPatrol.

    And then choose whether you prefer SAS or Malwarebytes. I would stick with Malwarebytes and uninstall SAS.
     
    Last edited: Jan 26, 2012
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Oh, and just an FYI: you are not supposed to have permission to delete this. It's a system-owned file and you should not be touching it. It is not a problem.
     
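    An added check, not part of the thread and not something either poster ran: instead of trying to open or delete a WinSxS component file, a defender can report who owns it, whether it carries a valid signature, and whether the current shell is actually elevated. The path is the one quoted in the first post; the "expected" values in the comments are Windows defaults (WinSxS files are owned by NT SERVICE\TrustedInstaller), not facts taken from this thread.

```powershell
# Added example (not from the thread). Inspects a WinSxS component file
# without modifying it. Path copied from the Avira output quoted above.
$path = 'C:\Windows\winsxs\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.1.7601.17514_none_b7c78d327d35e10e\t2embed.dll'

function Test-SystemFileState {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Exists = $false }
    }

    $item  = Get-Item -LiteralPath $Path -Force
    $owner = (Get-Acl -LiteralPath $Path).Owner          # reading the owner needs no write access
    $sig   = Get-AuthenticodeSignature -FilePath $Path   # see caveat below for catalog-signed files

    # Is this shell really elevated? "Logged in as admin" is not the same as
    # "running elevated" once UAC is on.
    $id      = [Security.Principal.WindowsIdentity]::GetCurrent()
    $isAdmin = (New-Object Security.Principal.WindowsPrincipal $id).IsInRole(
                   [Security.Principal.WindowsBuiltInRole]::Administrator)

    [pscustomobject]@{
        Path            = $Path
        Exists          = $true
        Owner           = $owner                          # expected: NT SERVICE\TrustedInstaller
        OwnedByTrustedInstaller = ($owner -like '*TrustedInstaller*')
        SignatureStatus = $sig.Status                     # Valid, or NotSigned if only catalog-signed
        Signer          = $sig.SignerCertificate.Subject
        LastWriteUtc    = $item.LastWriteTimeUtc
        RunningElevated = $isAdmin
    }
}

Test-SystemFileState -Path $path | Format-List
```

    An "access denied" on a file owned by TrustedInstaller is the normal outcome, even for an administrator, and is what the reply above describes. One caveat: on Windows 7 most OS binaries are catalog-signed rather than carrying an embedded signature, so Get-AuthenticodeSignature can report NotSigned for an untouched file; if the signature result is in doubt, `sfc /verifyonly` from an elevated prompt is the reliable integrity check for protected system files.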
  5. EcoGeek

    EcoGeek Private E-2

    Ok, very frustrating. :-(
    I could not shut down my laptop by clicking on the Windows shutdown button. It just sat there. The lights on my wireless router were flickering very fast and the laptop wireless light was solid, so I waited and waited, finally disconnected the router to shut down the laptop, and actually had to hold down the power key for the laptop to shut down.

    I then plugged the wireless router back in and turned on the laptop. The laptop would load the Windows screen but hung when attempting to load the antivirus and malware programs. It just sat there with the wireless connector light solid green, just the rotating Windows circle sitting there, and the activity lights flickering again on my router. I waited and waited. So I disconnected the router again and rebooted in safe mode with networking, turning the router back on.

    I disabled all antivirus software, but ComboFix said Avira was still running on the desktop. It was not loaded. Task Manager did not show Avira running. All the Avira services were stopped. Procexp showed no Avira processes or programs running. So I continued on anyway. So all these programs were run in safe mode with networking on. Spybot and WinPatrol were uninstalled.

    RootRepeal would not run, as a memory exception error message appeared.

    Thanks
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It appears that you are not having malware problems. All of your logs are clean.
     
  7. EcoGeek

    EcoGeek Private E-2

    OK, thanks for your speedy reply and all your help. I wonder what caused the BSOD twice on overstack in one day and why there are connectivity issues. We had severe power outages over the past few days. Maybe the problem is with my router, or a memory issue as Event Viewer shows. It's that Avira hidden file message that threw me off, and the security bulletin.

    IP_ICS_IPV6_LOG_CONFIG_IPV6_STACK_FAILED

    IP_DNS_PROXY_LOG_ALLOCATION_FAILED

    Oops,
    Hmmm,
    Windows Search Service Details: The content index catalog is corrupt.
    The index cannot be initialized.

    I might have a Windows or a hard disk issue with corrupted files.
    After now looking in Event Viewer, there are 15 error messages that occurred over the last few days. Should have checked there first. Sorry for taking up your time.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.


    Since you are not having malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
      related to MGtools and some other items from our cleaning procedures.
    9. After doing the above, you should work through the below link:
     
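    An added verification script, not part of the thread and not a MajorGeeks tool: after working through the final steps above, it reports whether the system is in the state those steps are meant to leave behind. The registry keys and default values (EnableLUA = 1 for UAC; Hidden = 2 and ShowSuperHidden = 0 as the Explorer defaults that the ComboFix uninstall restores) are Windows defaults I am confident of; the ComboFix.exe file name on the Desktop and the HijackThis uninstall display name are assumptions, marked as such in the comments.

```powershell
# Added example (not from the thread). Read-only check of the cleanup state
# described in the final steps; it changes nothing.
function Get-CleanupStatus {
    $uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $advKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $uninst = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'

    $uac = (Get-ItemProperty -Path $uacKey -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA
    $adv = Get-ItemProperty -Path $advKey -ErrorAction SilentlyContinue

    # Assumption: HijackThis registers an uninstall entry whose DisplayName starts with "HijackThis".
    $hjt = @(Get-ItemProperty -Path $uninst -ErrorAction SilentlyContinue |
             Where-Object { $_.DisplayName -like 'HijackThis*' })

    # Assumption: ComboFix was saved to the Desktop as ComboFix.exe, as the instructions request.
    $desktop = Join-Path $env:USERPROFILE 'Desktop'
    $regPatches = @(Get-ChildItem -Path $desktop -Filter 'fix*.reg' -ErrorAction SilentlyContinue |
                    Select-Object -ExpandProperty Name)

    [pscustomobject]@{
        UacEnabled          = ($uac -eq 1)                 # step 6 (enableUAC.reg applied)
        HiddenFilesDefault  = ($adv.Hidden -eq 2)          # reset by ComboFix /uninstall (step 2)
        SuperHiddenDefault  = ($adv.ShowSuperHidden -eq 0)
        ComboFixRemoved     = -not (Test-Path (Join-Path $desktop 'ComboFix.exe'))
        RegPatchesLeftover  = $regPatches                  # step 5: should be empty
        HijackThisRemoved   = ($hjt.Count -eq 0)           # step 7
        MGtoolsRemoved      = -not (Test-Path 'C:\MGtools')   # step 8 (MGclean.bat)
    }
}

$status = Get-CleanupStatus
$status | Format-List

# UAC is the one item worth calling out loudly: a machine left with UAC off
# after a cleaning session has lost a protection layer the user expects to have.
if (-not $status.UacEnabled) {
    Write-Warning 'UAC is still disabled. Re-enable it (step 6) before MGclean.bat removes C:\MGtools, then reboot.'
}
```

    Run it from the same user account that did the cleanup, since the hidden-files settings live under HKCU. Step 6 must come before step 8 because MGclean.bat deletes the C:\MGtools folder that holds enableUAC.reg; the warning above exists for exactly that ordering mistake.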
