Download Microsoft Debugging Tools
Start->Debugging Tools for Windows->windbg
or C:\Program Files\Debugging Tools for Windows\windbg.exe
start a command prompt and create a temp directory: mkdir c:\temp
Verify that local firewall software is disabled; the following command needs network access to Microsoft's symbol server. If the symbols can't be read, try reloading them (File->Symbol File Path); it may prompt you with a firewall dialog.
Point the debugger to Microsoft's symbol store by typing:
!process 0 0
!chkimg -d nt
To get rid of the invalid hooks, type: !chkimg -f nt
!for_each_module !chkimg @#ModuleName
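An added example, not part of the original page, for triaging `!chkimg -d` output that was saved to a file: it parses each reported byte range and flags patches whose new bytes start with a near, short or indirect JMP or a PUSH/RET stub, the shapes kernel inline hooks usually take. The sample output below is constructed, and the function names are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample of what "!chkimg -d nt" prints: two hooked
# functions and one harmless-looking single-byte change.
SAMPLE_CHKIMG = """\
    8054a8c0-8054a8c4  5 bytes - nt!NtCreateFile
    [ 8b ff 55 8b ec:e9 3b 57 ab 7f ]
    8057b1f0-8057b1f6  7 bytes - nt!NtQuerySystemInformation+0x10
    [ 8b 45 08 50 ff 75 0c:68 00 10 fe f8 c3 90 ]
    8054b000-8054b000  1 byte - nt!KeBugCheck+0x5
    [ cc:90 ]
13 errors : nt (8054a8c0-8057b1f6)
"""

RANGE_RE = re.compile(r"^\s*([0-9a-f`]+)-([0-9a-f`]+)\s+(\d+) bytes? - (\S+)", re.I)
BYTES_RE = re.compile(r"^\s*\[\s*([0-9a-f ]+):([0-9a-f ]+)\s*\]", re.I)

@dataclass
class Patch:
    start: str
    end: str
    size: int
    symbol: str
    original: bytes   # bytes on disk (left of the colon)
    patched: bytes    # bytes in memory (right of the colon)

    def hook_kind(self) -> Optional[str]:
        """Classify the in-memory bytes by common hook prologues; None = not obviously a hook."""
        p = self.patched
        if p[:1] == b"\xe9":
            return "near JMP rel32"
        if p[:1] == b"\xeb":
            return "short JMP rel8"
        if p[:2] == b"\xff\x25":
            return "indirect JMP"
        if p[:1] == b"\x68" and p[5:6] == b"\xc3":
            return "PUSH/RET"
        return None

def parse_chkimg(text: str) -> List[Patch]:
    """Pair each 'start-end N bytes - symbol' line with the '[ old:new ]' line that follows it."""
    patches, pending = [], None
    for line in text.splitlines():
        m = RANGE_RE.match(line)
        if m:
            pending = (m.group(1), m.group(2), int(m.group(3)), m.group(4))
            continue
        m = BYTES_RE.match(line)
        if m and pending:
            old = bytes.fromhex(m.group(1).replace(" ", ""))
            new = bytes.fromhex(m.group(2).replace(" ", ""))
            patches.append(Patch(*pending, old, new))
            pending = None
    return patches

def suspicious(patches: List[Patch]) -> List[Patch]:
    """Only the patches whose new bytes look like a control-flow redirect."""
    return [p for p in patches if p.hook_kind() is not None]
```

Anything `suspicious()` returns deserves a look at the JMP target with `u` and `!address` before running `!chkimg -f`; a range with no recognised prologue still needs manual review.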
Scroll to the top of the list; all entries should point to nt!kitrap????
Task Selector = 0x00A0 is OK too.
Red circle depicts viral entries:
sigcheck -e -u -s c:\
Any suspicious files should be deleted; if that fails, try renaming them or use: movefile malware.exe ""
If file still cannot be deleted, delete with an offline utility like BartPE.
For hard to delete registry keys, use: regdelnull hklm...