Author Topic: xterm\firedaemon  (Read 8194 times)


PigDog

  • Guest
Re: xterm\firedaemon
« Reply #15 on: February 07, 2007, 11:56:25 PM »
The last one.

DavidR
Re: xterm\firedaemon
« Reply #16 on: February 08, 2007, 12:50:56 AM »
Restored the 3 files to their original locations from the chest instead of to a different folder.  Managed to upload dll32.exe for scanning, results attached.  The other 2 uploaded as 0 bytes.

Restoring to the original locations is dangerous if they are in fact malicious. Any run command in the registry will be able to run the file/s because they are in the original location. For testing you should always use the Extract and put them in a temporary location not the original. The only time a file should be Restored to the original location is if it is found to be a false detection.

Send Df34.exe to Alwil as it isn't detected by avast (if not in the chest, user files section, add it) you can send it from the chest and send it from there (right click the file in the chest, select email to Alwil Software). No need to zip and PW protect when the sample is sent from chest.

The other two should also be in the chest and delete any copy outside of the chest, you don't need to send these as they have already been detected by avast.

Once you have done that run an avast boot-time scan and run avg-anti-spyware from safe mode if you haven't done these yet. Then run HJT and post the contents of the log.
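The risk described in reply #16, that a registry run command will launch a file restored to its original location, can be checked directly. The following PowerShell is an added example, not part of the original posts: it lists Run/RunOnce values whose command line mentions the file names given in the thread. The function name `Get-AutorunHit` and the choice of keys are assumptions of this example; other autostart locations are not covered.

```powershell
# Added example (not from the thread): find autorun registry values that
# reference a given file name. Matching is by file name only, because the
# thread does not state the files' original paths.
$FileNames = @('dll32.exe', 'Df34.exe')   # names mentioned in the thread

# Standard per-machine and per-user autorun keys (assumed scope of the check).
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutorunHit {
    param(
        [Parameter(Mandatory)] [string[]] $Names,
        [Parameter(Mandatory)] [string[]] $Keys
    )
    foreach ($key in $Keys) {
        # Skip keys that do not exist on this system (e.g. Wow6432Node on 32-bit).
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $regKey = Get-Item -LiteralPath $key
        foreach ($valueName in $regKey.GetValueNames()) {
            # Expand %SystemRoot% and similar so the command is compared as plain text.
            $command = [Environment]::ExpandEnvironmentVariables(
                [string] $regKey.GetValue($valueName))
            foreach ($name in $Names) {
                if ($command.ToLowerInvariant().Contains($name.ToLowerInvariant())) {
                    [pscustomobject]@{
                        Key     = $key
                        Value   = $valueName
                        Command = $command
                        Match   = $name
                    }
                }
            }
        }
    }
}

$hits = @(Get-AutorunHit -Names $FileNames -Keys $RunKeys)
if ($hits.Count -eq 0) {
    'No Run/RunOnce value references the listed file names.'
} else {
    $hits | Format-List
}
```

Any hit means a file restored to that original path would be started at the next logon or boot, which is why extracting to a temporary folder is the safer way to get a copy for testing.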