Error 0x000007b{Bad Image}

[jhep3304]

When running a Boot Scan, (move to chest) I get Error 0x000007b{Bad Image} for all PUP's.  Originally posted in "General Topics" and reply asked for these files and directed me to repost in "Viruses and Worms".  When I rerun a Boot Scan, the files are still there.

[jhep3304]

This is the 5th file I was asked to submit:

[Secondmineboy]

No malware remover is online right now.

Please be patient, it could take some time till one arrives.

[Pondus]

and you know what PUP is ?

PUP = not virus / Possible Unwanted Program

so what files are detected as PUP ?....you may attach a screenshot of the scan result

[essexboy]

Does you firefox take a long time to open ?  As I think that you have the most extensions that I have ever seen

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  

Code: [Select]

:Commands
[CREATERESTOREPOINT]

:OTL
[2013/08/10 16:09:51 | 000,000,000 | ---D | M] (getsav-in) -- C:\Users\John's\AppData\Roaming\Mozilla\Firefox\Profiles\ Files\extensions\getsav-in@jetpack
[2013/05/05 07:42:10 | 000,000,000 | ---D | M] (DownloadTerms) -- C:\Users\John's\AppData\Roaming\Mozilla\Firefox\Profiles\ Files\extensions\jmwgabsbmtxairm@wzcttjml.com
[2013/08/28 18:43:09 | 000,000,000 | ---D | M] (AccelerateTab) -- C:\Users\John's\AppData\Roaming\Mozilla\Firefox\Profiles\ Files\extensions\speeddial@instair.net
[2013/05/05 07:42:09 | 000,000,000 | ---D | M] (DownloadTerms) -- C:\Users\John's\AppData\Roaming\Mozilla\Firefox\Profiles\7wj2zutn.default-1352924621031\extensions\jmwgabsbmtxairm@wzcttjml.com
[2013/08/28 18:43:09 | 000,000,000 | ---D | M] (AccelerateTab) -- C:\Users\John's\AppData\Roaming\Mozilla\Firefox\Profiles\7wj2zutn.default-1352924621031\extensions\speeddial@instair.net
[2013/09/25 20:56:50 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\John's\AppData\Roaming\Mozilla\Firefox\Profiles\h8ee0rjq.default-1376007700091\extensions\anttoolbar@ant.com
[2013/08/28 18:43:09 | 000,000,000 | ---D | M] (AccelerateTab) -- C:\Users\John's\AppData\Roaming\Mozilla\Firefox\Profiles\h8ee0rjq.default-1376007700091\extensions\speeddial@instair.net
[2013/08/28 18:43:09 | 000,000,000 | ---D | M] (AccelerateTab) -- C:\Users\John's\AppData\Roaming\Mozilla\Firefox\Profiles\m Files\extensions\speeddial@instair.net
[2013/08/28 18:43:09 | 000,000,000 | ---D | M] (AccelerateTab) -- C:\Users\John's\AppData\Roaming\Mozilla\Firefox\Profiles\mfslgf6g.default-1375961310995\extensions\speeddial@instair.net
[2012/09/07 10:49:34 | 000,000,000 | ---D | M] (TotalRecipeSearch) -- C:\Users\John's\AppData\Roaming\Mozilla\Firefox\Profiles\mko23l3h.default\extensions\14ffxtbr@TotalRecipeSearch_14.com
[2013/05/05 07:42:07 | 000,000,000 | ---D | M] (DownloadTerms) -- C:\Users\John's\AppData\Roaming\Mozilla\Firefox\Profiles\mko23l3h.default\extensions\jmwgabsbmtxairm@wzcttjml.com
[2013/08/10 22:08:01 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Users\John's\AppData\Roaming\Mozilla\Firefox\Profiles\mko23l3h.default\extensions\plugin@selectionlinks.com
[2013/08/28 18:43:09 | 000,000,000 | ---D | M] (AccelerateTab) -- C:\Users\John's\AppData\Roaming\Mozilla\Firefox\Profiles\mko23l3h.default\extensions\speeddial@instair.net
[2013/05/05 07:42:06 | 000,000,000 | ---D | M] (DownloadTerms) -- C:\Users\John's\AppData\Roaming\Mozilla\Firefox\Profiles\yohktqcx.default-1363650721764\extensions\jmwgabsbmtxairm@wzcttjml.com
[2013/08/28 18:43:09 | 000,000,000 | ---D | M] (AccelerateTab) -- C:\Users\John's\AppData\Roaming\Mozilla\Firefox\Profiles\yohktqcx.default-1363650721764\extensions\speeddial@instair.net
[2013/08/26 20:46:06 | 000,010,221 | ---- | M] () (No name found) -- C:\Users\John's\AppData\Roaming\Mozilla\Firefox\Profiles\ Files\extensions\firefox@linkswift.co.xpi
[2013/05/04 14:31:48 | 000,029,603 | ---- | M] () (No name found) -- C:\Users\John's\AppData\Roaming\Mozilla\Firefox\Profiles\ Files\extensions\staged\addon@defaulttab.com.xpi
[2013/08/26 20:46:06 | 000,010,221 | ---- | M] () (No name found) -- C:\Users\John's\AppData\Roaming\Mozilla\Firefox\Profiles\7wj2zutn.default-1352924621031\extensions\firefox@linkswift.co.xpi
[2012/11/14 16:39:44 | 000,041,615 | ---- | M] () (No name found) -- C:\Users\John's\AppData\Roaming\Mozilla\Firefox\Profiles\7wj2zutn.default-1352924621031\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}.xpi
[2013/05/04 14:31:48 | 000,029,603 | ---- | M] () (No name found) -- C:\Users\John's\AppData\Roaming\Mozilla\Firefox\Profiles\7wj2zutn.default-1352924621031\extensions\staged\addon@defaulttab.com.xpi
[2012/11/14 16:40:32 | 000,041,615 | ---- | M] () (No name found) -- C:\Users\John's\AppData\Roaming\Mozilla\Firefox\Profiles\7wj2zutn.default-1352924621031\extensions\staged\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}.xpi
[2013/10/25 13:20:19 | 000,085,537 | ---- | M] () (No name found) -- C:\Users\John's\AppData\Roaming\Mozilla\Firefox\Profiles\h8ee0rjq.default-1376007700091\extensions\afterthedeadline@afterthedeadline.com.xpi
[2013/08/22 20:32:06 | 000,047,805 | ---- | M] () (No name found) -- C:\Users\John's\AppData\Roaming\Mozilla\Firefox\Profiles\h8ee0rjq.default-1376007700091\extensions\caller_analytics@vshsolutions.org.xpi
[2013/09/23 06:14:27 | 000,015,418 | ---- | M] () (No name found) -- C:\Users\John's\AppData\Roaming\Mozilla\Firefox\Profiles\h8ee0rjq.default-1376007700091\extensions\customizenewtab@alejandrobrizuela.com.ar.xpi
[2013/10/24 16:01:28 | 000,426,358 | ---- | M] () (No name found) -- C:\Users\John's\AppData\Roaming\Mozilla\Firefox\Profiles\h8ee0rjq.default-1376007700091\extensions\jid1-cwbvBTE216jjpg@jetpack.xpi
[2013/08/08 20:55:03 | 000,139,518 | ---- | M] () (No name found) -- C:\Users\John's\AppData\Roaming\Mozilla\Firefox\Profiles\h8ee0rjq.default-1376007700091\extensions\showmemore@suskind.xpi
[2013/08/08 20:55:03 | 000,151,803 | ---- | M] () (No name found) -- C:\Users\John's\AppData\Roaming\Mozilla\Firefox\Profiles\h8ee0rjq.default-1376007700091\extensions\status4evar@caligonstudios.com.xpi
[2013/05/04 14:31:48 | 000,029,603 | ---- | M] () (No name found) -- C:\Users\John's\AppData\Roaming\Mozilla\Firefox\Profiles\mko23l3h.default\extensions\staged\addon@defaulttab.com.xpi
[2013/08/26 20:46:06 | 000,010,221 | ---- | M] () (No name found) -- C:\Users\John's\AppData\Roaming\Mozilla\Firefox\Profiles\yohktqcx.default-1363650721764\extensions\firefox@linkswift.co.xpi
[2013/05/04 14:31:48 | 000,029,603 | ---- | M] () (No name found) -- C:\Users\John's\AppData\Roaming\Mozilla\Firefox\Profiles\yohktqcx.default-1363650721764\extensions\staged\addon@defaulttab.com.xpi
[2013/10/31 18:08:39 | 000,000,000 | ---D | M] (DownloadTerms) -- C:\Program Files (x86)\Mozilla Firefox\extensions\jmwgabsbmtxairm@wzcttjml.com
[2013/10/31 18:08:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com
O4 - HKU\S-1-5-21-2264341341-2051475098-2484004248-1001..\Run: [Updater] C:\ProgramData\Updater\updater.exe (Updater)[2013/10/22 15:23:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster
[2013/10/09 08:19:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Updater
[2013/11/01 13:02:50 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize 3.job
[2013/11/01 13:01:47 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\Driver Booster Update.job

:Commands
[resethosts]
[emptytemp]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Junkware Removal Tool to your desktop.

• Right-mouse click JRT.exe and select "Run as Administrator" the tool will open and start scanning your system
• please be patient as this can take a while to complete depending on your system's specifications
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• post the contents of JRT.txt into your next message.

[jhep3304]

All 3 PUP's pointed to the same instance in 3 different folders:  Win32:Mindspark-A [PUP] under C:Windows\SysWOW64\Config\SystemProfile\AppDala\LocalLow\MapsGalaxy_39\bar\Cache\0190xxxx.cab

Mindspark seems to be a residual of a program I tried out called "MapsGalaxy" and then deleted using the softwares own delete tool.

I reran Avast Boot Scan with the delete option instead of Move to Chest and that resulted in "action successful" for all three instances.
A "Win Explorer" search computer for MapsGalaxy shows no file found.

A third Boot Scan shows "no virus found"

As a 72 year old "non-techie" this doesn't make sense to me, it seems if the program could be deleted, it should have been available to move to the chest.
I guess that's why I'm more comfortable working on my uber expensive farming equipment than I am on this $1500 computer.

I saved a screen shot to Word but this site won't let me attach it.  I tried to get the screen shots in Notebook but that doesn't work.  There must be some way to attach a screen shot but it's beyond my poor powers.

[jhep3304]

Steve W.
I wasn't complaining, it's just that my original in "General Topics" asked me to submit 5 attachments and this site will only allow me to attach 4 at a time.  That's why I sent a second reply with the 5th and final attachment. 
Sorry for the poor wording, I can see how you read it as a complaint, but none was intended and I am grateful for any and all help.

[Secondmineboy]

Thats no problem to post them in 2 posts.

There is no other way.

[Pondus]

Win32:Mindspark-A [PUP]   yes this seems to be a toolbar / Browser Hijacker that comes bundled With some programs

run OTL as Essexboy instructed and remaining leftover files should be removed

attach the log so he can check..