Swindmill

Also if this entry is still there it can be removed (below)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

But i am mostly worried about ‘C:\WINDOWS\system32\ssisvr32.exe’ , see why below (quoted from a website).

Process File: service.exe

'Process File: service.exe
Process Name: Worm.Win32.Raleka virus.

Description: service.exe is a process which is registered as the Worm.Win32.Raleka virus. This Trojan allows attackers to access your computer, stealing passwords and personal data. It is a registered security risk and should be removed immediately. Please see additional details regarding this process

Author: na
Part of: Worm.Win32.Raleka virus

System Process: No
Application: No
Background Process: Yes
Uses Network: Yes
Uses Internet: No
Hardware Related: No

Virus: Yes
Trojan: No
Spyware: No
Security Risk (0-5): 4 ’

Mabey a thorough scan with scan inside archives with avast will detect this, also make sure avast it up-to-date before you start the scan.

If avast does not detect it please send the file in a passworded file to virus@avast.com, includ the password to open the file and a short description in the email.

–lee