I. Question
C:\windows\system32\lgsym.dll: detected Trojan program Trojan-PSW.Win32.OnLineGames.fq
C:\windows\system32\qqzos.dll: detected Trojan program Trojan-PSW.Win32.OnLineGames.kr
I followed the steps in some posts in your space. Kabbah no longer shows the prompts above, but there is a new problem. Every time I start my computer, Kabbah first prompts me:
C:\windows\system32\winrpcs.exe: new variant of risk software detected, hidden object.
Then:
C:\windows\system32\dfsdfsg.exe: new variant of risk software detected, hidden object.
And then various *.exe files are detected as this "risk software, hidden object"... Kabbah cannot remove the virus, so the prompt about this hidden object appears every time. Is it because I did not clean up the last virus completely, or have I picked up a new one? I have to ask Mr. Cui for a solution.
Supplement: For a long time the network has been getting disconnected inexplicably. The network connection still shows as connected, but neither web pages nor network programs can reach the network; only disconnecting the modem helps. At first I thought it was poor network quality, but next door has never had this problem.
SREng scan log omitted
II. Analysis
1. Before cleaning, disable System Restore (Windows 2000 users can skip this): right-click My Computer --> Properties --> System Restore and tick "Turn off System Restore on all drives".
Clear the temporary IE files: in IE open Tools --> Internet Options --> Temporary Internet Files, click "Delete Files", tick "Delete all offline content" and click OK to delete the temporary files.
Close QQ and other applications. Do not double-click a drive to open it. Save all downloaded tools directly to the desktop.
2. Use the force-delete tool xdelbox to delete the files listed below.
[When deleting, copy the paths of all files to be deleted; right-click the list of files to be deleted in xdelbox and choose "Import from clipboard". After importing, right-click a file to be deleted and choose "Restart now to delete". The computer restarts, deletes the files in the DOS stage, and then restarts automatically into the operating system you installed. Save any files you have open on the computer first. For more on xdelbox, see help.chm in the xdelbox1.2 directory.]
Code:
D:\autorun.inf
D:\pagefile.pif
E:\autorun.inf
E:\pagefile.pif
C:\docume~1\GLG\locals~1\temp\servere.exe
C:\docume~1\GLG\locals~1\temp\cftmon.exe
C:\docume~1\GLG\locals~1\temp\crasos.exe
C:\windows\servicea.exe
C:\windows\system32\dfsdfsg.exe
C:\windows\system32\rpcsddos.exe
C:\windows\system32\winrpcs.exe
C:\docume~1\GLG\locals~1\temp\xpe.sys
~~~ Note: GLG in this post is the user name of the person asking for help; it might instead be Wang xiaoya or administrator, depending on the actual user name on the infected machine.
3. Use the SREng tool to delete the following items:
[When SREng starts, it may warn "The function contents are inconsistent with the expected values; they may have been modified by malicious software". Ignore this error for now; it can be dealt with after the cleanup.]
========================================
Code:
Startup items --> delete the following entries under the registry key [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Wu1jz> <c:\docume~1\GLG\locals~1\temp\servere.exe> [N/A]
<Dlf67keir> <c:\docume~1\GLG\locals~1\temp\cftmon.exe> [N/A]
<64qq0fg020gw7> <c:\docume~1\GLG\locals~1\temp\crasos.exe> [N/A]
<Uewhqm4x8> <c:\windows\servicea.exe> [N/A]
========================================
Startup items --> Services --> Win32 Services, delete the following items
[Sadsaads / afdsfsgg] [Stopped/Auto Start]
<C:\windows\system32\dfsdfsg.exe> <Microsoft Corporation>
[Remote Procedure Call System (rpcsddos) / rpcsddos] [Stopped/Auto Start]
<C:\windows\system32\rpcsddos.exe> <N/A>
[Windows rpcs / winrpcs] [Stopped/Auto Start]
<C:\windows\system32\winrpcs.exe> <N/A>
===============================================
Startup items --> Services --> Drivers, delete the following items (if they cannot be deleted, set the startup type to Disabled!)
[king001 / king001] [Stopped/Manual Start]
<\??\C:\docume~1\GLG\locals~1\temp\xpe.sys>
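The entries the analysis picks out above share a few traits a defender can check mechanically: autostart images living in a user temp directory, no vendor information, random-looking names, a display name that borrows from a real Windows service (here "Remote Procedure Call"), and a driver loaded from outside system32\drivers. The script below is an added example, not part of the original post and not code from SREng or xdelbox; it parses Run-key, service and driver entries in the listing format shown above and scores them with those heuristics. The sample listings are constructed for the script: they repeat the entries from the post and add two benign Windows entries (ctfmon and AudioSrv) for contrast, which are assumptions and not taken from the page.

```python
import re
from dataclasses import dataclass, field
# Constructed samples in the listing format used in the analysis: the entries from
# the post plus two benign Windows entries (ctfmon, AudioSrv) for contrast.
# Those two are assumptions, not from the page.
RUN_LISTING = r"""
<Wu1jz> <c:\docume~1\GLG\locals~1\temp\servere.exe> [N/A]
<Dlf67keir> <c:\docume~1\GLG\locals~1\temp\cftmon.exe> [N/A]
<Uewhqm4x8> <c:\windows\servicea.exe> [N/A]
<ctfmon.exe> <C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
"""
SERVICE_LISTING = r"""
[Sadsaads / afdsfsgg] [Stopped/Auto Start]
<C:\windows\system32\dfsdfsg.exe> <Microsoft Corporation>
[Remote Procedure Call System (rpcsddos) / rpcsddos] [Stopped/Auto Start]
<C:\windows\system32\rpcsddos.exe> <N/A>
[Windows rpcs / winrpcs] [Stopped/Auto Start]
<C:\windows\system32\winrpcs.exe> <N/A>
[Windows Audio / AudioSrv] [Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs> <Microsoft Corporation>
"""
DRIVER_LISTING = r"""
[king001 / king001] [Stopped/Manual Start]
<\??\C:\docume~1\GLG\locals~1\temp\xpe.sys>
"""

RUN_RE = re.compile(r"<([^>]*)>\s*<([^>]*)>\s*\[([^\]]*)\]")   # <name> <image> [vendor]
HEAD_RE = re.compile(r"\[([^\]/]*)/([^\]]*)\]\s*\[([^\]]*)\]")  # [display / name] [state]
BODY_RE = re.compile(r"<([^>]*)>\s*(?:<([^>]*)>)?")             # <image> <vendor>
TEMP_RE = re.compile(r"\\temp\\", re.I)
# Weak signal: digits mixed into letters or 6+ consonants in a row; genuine names such as wscsvc trip it.
RANDOM_RE = re.compile(r"[a-z]\d|\d[a-z]|[bcdfghjklmnpqrstvwxz]{6,}", re.I)
# Display-name keywords malware borrows from real services, with the genuine short names allowed to carry them.
MIMICKED = [(re.compile(r"remote procedure call|\brpc", re.I),
             {"rpcss", "rpclocator", "rpceptmapper"})]

@dataclass
class Finding:
    kind: str                      # "run", "service" or "driver"
    name: str                      # Run value name or short service name
    image: str                     # normalised, lower-cased image path
    vendor: str                    # company string from the listing ("" if absent)
    display: str = ""
    reasons: list = field(default_factory=list)   # (weight, explanation) pairs

    @property
    def score(self):
        return sum(w for w, _ in self.reasons)

    @property
    def suspicious(self):
        return self.score >= 2

def _image_path(raw):
    """Strip the NT '\\??\\' prefix, quotes and service arguments such as '-k netsvcs'."""
    raw = raw.strip().strip('"')
    if raw.startswith("\\??\\"):
        raw = raw[4:]
    m = re.match(r"(.*?\.(?:exe|sys|dll|pif|scr|bat|cmd))", raw, re.I)
    return (m.group(1) if m else raw).lower()

def parse_run(text):
    return [Finding("run", n.strip(), _image_path(p), v.strip())
            for n, p, v in RUN_RE.findall(text)]

def parse_services(text, kind):
    # Services and drivers are listed as header/body line pairs.
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    out = []
    for head, body in zip(lines[0::2], lines[1::2]):
        h, b = HEAD_RE.match(head), BODY_RE.match(body)
        if h and b:
            display, name, _ = (s.strip() for s in h.groups())
            out.append(Finding(kind, name, _image_path(b.group(1)),
                               (b.group(2) or "").strip(), display))
    return out

def assess(f):
    """Attach weighted reasons to a finding; a total of 2 or more marks it suspicious."""
    stem = f.image.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if TEMP_RE.search(f.image):
        f.reasons.append((3, "autostart image lives in a temp directory"))
    if f.vendor.upper() == "N/A":
        f.reasons.append((1, "no vendor/company information"))
    if RANDOM_RE.search(f.name):
        f.reasons.append((1, f"entry name {f.name!r} looks machine-generated"))
    if RANDOM_RE.search(stem):
        f.reasons.append((1, f"image name {stem!r} looks machine-generated"))
    if f.kind == "run" and re.match(r"^[a-z]:\\windows\\[^\\]+\.exe$", f.image):
        f.reasons.append((1, "executable placed directly in the Windows root"))
    if f.kind == "driver" and "\\system32\\drivers\\" not in f.image:
        f.reasons.append((1, "driver loaded from outside system32\\drivers"))
    for pattern, genuine in MIMICKED:
        if pattern.search(f.display) and f.name.lower() not in genuine:
            f.reasons.append((3, f"display name {f.display!r} mimics a Windows service"))
    return f

def triage(run_text, service_text, driver_text):
    """Parse all three listings; return findings, most suspicious first."""
    found = parse_run(run_text) + parse_services(service_text, "service") + parse_services(driver_text, "driver")
    return sorted(map(assess, found), key=lambda f: -f.score)

if __name__ == "__main__":
    for f in triage(RUN_LISTING, SERVICE_LISTING, DRIVER_LISTING):
        print("SUSPICIOUS" if f.suspicious else "ok", f.kind, f.name, f.image, f.reasons)
```

The weights are deliberately uneven: a temp-directory image or a borrowed service display name is enough on its own, while "no vendor" and "random-looking name" only add up. That is why dfsdfsg.exe, which claims Microsoft Corporation and sits in system32, is still flagged: both its service name and its file name look generated. Every flagged entry carries its reasons, so the output can be checked by hand before anything is deleted.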