Help cleaning up remnants of the Zbot virus

As an additional step, could you open Task Manager, locate one of the *32 elements, right click and select Properties, then note the location stated.

attached are the search results.

The location of the wininit.exe *32 is c:/windows/sysWOW64

Ta, that confirms that those files have been tampered with.

Start an elevated command prompt:
Go Start > All Programs > Accessories
Right click Command Prompt and select Run as administrator
In the black box that opens, type:

sfc /scannow

Then press Enter.
On completion of the scan, reboot and let me know if the alerts are still present.

So I ran the scan and rebooted but the pop ups are still happening. Attached is the message from the completed scan.

Do you need the cbs.log file? I searched the log for any corrupt files and saw that the thumbcache.dll shows up as being corrupt and can’t be repaired as the source file in store is also corrupt.

Thoughts?
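The check Steve did by hand on CBS.log, as an added example that is not from the thread: a small Python parser that pulls out the [SR] lines sfc /scannow writes and reports which files it repaired and which it could not. The sample log lines are constructed and their shape is an assumption modelled on real CBS.log output, so compare against your own log; thumbcache.dll is the file from the post above.

```python
import re

# Constructed sample of [SR] lines (assumed shape, not copied from the thread).
# On a real machine extract them with:
#   findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log > %userprofile%\Desktop\sfcdetails.txt
SAMPLE_CBS_LOG = """\
2013-07-15 10:22:40, Info CSI 000003f5 [SR] Verifying 100 (0x0000000000000064) components
2013-07-15 10:22:41, Info CSI 000003f6 [SR] Cannot repair member file [l:28{14}]"thumbcache.dll" of Microsoft-Windows-thumbcache, Version = 6.1.7601.17514 in the store, hash mismatch
2013-07-15 10:22:41, Info CSI 000003f7 [SR] Cannot repair member file [l:28{14}]"thumbcache.dll" of Microsoft-Windows-thumbcache, Version = 6.1.7601.17514 in the store, hash mismatch
2013-07-15 10:22:42, Info CSI 000003f8 [SR] Repairing corrupted file [l:22{11}]"\\??\\C:\\Windows\\System32"\\[l:20{10}]"ntdll.dll" from store
2013-07-15 10:22:43, Info CSI 000003f9 [SR] Verify complete
"""

SR_LINE = re.compile(r'\[SR\] (?P<msg>.*)$')
UNREPAIRABLE = re.compile(r'Cannot repair member file \[[^\]]*\]"(?P<name>[^"]+)"')
REPAIRED = re.compile(r'Repairing corrupted file .*\[[^\]]*\]"(?P<name>[^"]+)" from store')


def summarise_sfc(log_text: str) -> dict:
    """Summarise one sfc pass: repaired files, unrepairable files with the
    reason the log gives, and whether the verification pass finished."""
    repaired, unrepairable, complete = [], {}, False
    for line in log_text.splitlines():
        m = SR_LINE.search(line)
        if not m:
            continue  # not an sfc line; CBS.log also carries servicing noise
        msg = m.group('msg')
        if msg.startswith('Verify complete'):
            complete = True
            continue
        r = REPAIRED.search(msg)
        if r:
            if r.group('name') not in repaired:
                repaired.append(r.group('name'))
            continue
        u = UNREPAIRABLE.search(msg)
        if u:
            # "in the store, hash mismatch" means the backup copy in the
            # component store is itself bad, so sfc has no good source to
            # copy from. The same member is often logged more than once; keep
            # the first reason only.
            reason = 'store copy also corrupt' if 'in the store' in msg else 'no good source'
            unrepairable.setdefault(u.group('name'), reason)
    return {'repaired': repaired, 'unrepairable': unrepairable, 'verify_complete': complete}


if __name__ == '__main__':
    summary = summarise_sfc(SAMPLE_CBS_LOG)
    print('repaired:', summary['repaired'])
    for name, why in summary['unrepairable'].items():
        print(f'NOT repaired: {name} ({why})')
    if summary['unrepairable']:
        print('sfc cannot fix these in place; repair from outside Windows or from install media')
```

A non-empty unrepairable list is the signal that, as the helper says next, the machine needs to be worked on from outside Windows.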

The corrupt thumbnail cache is not a problem. Looks like we will need to work outside of Windows.

Create an emergency repair USB drive:
Download Dr Web Live USB to your desktop

1. Connect a USB flash drive to the computer. Registering the plugging-in event takes no more than 10 seconds.
2. Launch drwebliveusb.exe.
3. The program will detect available USB devices automatically and prompt you to choose the one you'd like to use as an emergency repair drive. You can format the device if you like (a warning will be displayed before you proceed with formatting). In order to read the License agreement, follow the corresponding link found in the program window (the page containing the license agreement text will be loaded in your default browser).

https://dl.dropbox.com/u/73555776/liveusb_ru.jpg

4. To create a bootable USB flash drive, press the Create Dr.Web LiveUSB button.
5. Files will be copied automatically.
6. Once the copying process is completed, press the Exit button to close the application.
7. Reboot the infected computer with the USB in the drive.
8. Ensure that the first boot device is USB. If you are not sure about that then see this page for instructions.
9. As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.

https://dl.dropboxusercontent.com/u/73555776/Live%20boot%20screen.png

10. Use the arrow keys to select DrWeb-LiveCD (Default).

https://dl.dropboxusercontent.com/u/73555776/drwebselect.JPG

11. Press Select objects for scanning.

https://dl.dropboxusercontent.com/u/73555776/drwebfolders.JPG

12. When the system is loaded, check the disks or folders you want to scan, and click on Start.

13. The programme will now scan for and cure/delete any malware that it finds. Allow it to do so.

https://dl.dropboxusercontent.com/u/73555776/drwebscan.JPG

14. When it has completed:

https://dl.dropboxusercontent.com/u/73555776/drwebscancomplete.JPG

15. Select Open Report and copy it to the USB.
16. Once completed, reboot to normal Windows and attach the report here.

OK, I downloaded the program and created the bootable drive on a USB stick. Changed the BIOS to boot from the USB drive. When the program runs it boots but gives the following error.

Error: net.eth0 failed to start.
Error: cannot start netmount as net.eth0 would not start.

That is a script error within the Gentoo operating system.

Looks like I will have to try a manual fix.

Run FRST and in the search box type the following:

dllhost.exe;svchost.exe;wininit.exe

https://dl.dropboxusercontent.com/u/73555776/frst.JPG

Press Search Files.
On completion a search text will be generated; please post that.

Thank you, here are the logs.

Ah sorry, I was after a search to locate all copies of that file so that I can do a swap.

Sorry I misread that. Here is the search log.

Hmm, weird, as the MD5s are all legitimate, which does not indicate a tampered file.

If you wish to continue I would like to get an analysis log after a virus scan.

This will produce a zipped analysis file which I would need you to upload to a file sharing site for me to collect, i.e. Mediafire.

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan.
Select the cog to access scan areas.

https://dl.dropboxusercontent.com/u/73555776/Kas%20front.JPG

On the first tab select all elements down to OS C and then select Start scan.

https://dl.dropboxusercontent.com/u/73555776/Kas%20Scan%20area.JPG

Once it has finished, select Reports and post the detected threats.

Now an analysis scan.
Select the Manual Disinfection tab.
Press the Gather System Information button.

https://dl.dropboxusercontent.com/u/73555776/kas%20manual.JPG

Once it has completed, click Step 2 Report sending.

https://dl.dropboxusercontent.com/u/73555776/avp%20report.JPG

Click avptool.sysinfo.zip and you will be taken to the zip file that needs to be attached.

Just a quick update, the virus removal tool is still running and is at 55% completed. This is the second time running this tool.
The first time I ran it, at around the 50% completion mark it found 2 threats and required a reboot to complete the removal process.

The threats found were both rootkit.win64.sst.d and those have been cleared now. Since they have been removed I haven't had any pop ups from Malwarebytes or Avast. Also the wininit.exe*32, dllhost.exe*32 and svchost.exe*32 processes haven't appeared in Task Manager either. Hopefully that has fixed the problem.

I will still post the log reports once it is finished. Are there any other programs that I should run once this has been completed? What about deleting all the programs that I downloaded earlier, FRST, TDSSKiller etc.?

Hmm, TDSSKiller was recently updated to get that one; I wonder why it missed it.

With regards to the programmes that you have been using, we will safely remove them once you are happy.

Here are the logs and Zip file.

http://www.mediafire.com/download/3b2n93dh2mpq150/avptool_sysinfo.zip

Everything seems to be running normally now. Still no pop up messages. Are there any other programs you recommend that I run?

Sysinfo looked good, so I think you can call yourself done :slight_smile:

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Click Start, then Run.
On Windows 7 or Vista you may use the Start Search field if Run is not available.
In the box copy/paste the following command:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter).
Wait for the uninstall process to complete.

Download and run Delfix.

https://dl.dropboxusercontent.com/u/73555776/delfix.JPG

Keep Java Updated:

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article.

I would recommend that you completely uninstall Java unless you need it to run an important piece of software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser.)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware.

https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG

Malwarebytes: update and run weekly to keep your system clean.

It is critical to have both a firewall and anti-virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe :wave:

Excellent, everything is complete and programs updated. I will be passing all the info on to my parents as well.

Essexboy, thank you so much for taking the time to help me with this. I really appreciate it.

Thanks again,
Steve

My pleasure :slight_smile: