Help remove "Solid Savings" Extension and related bundle of crapware

Someone installed this bundle, I think sometime in January. Most of it was uninstalled using Add/Remove programs but Solid Savings stays installed as an irremovable Extension in Google Chrome. There is no way of disabling it or removing it like other Extensions.
If it won’t be removed through normal means then it is “malicious”. I uninstalled Google Chrome and also disabled two (2) processes that were not removed. Those processes are DefaultTabSearch.exe and DTUpdate.exe.
Two other programs that were a part of the bundle are called Default Tab and WhiteSmoke Toolbar.
Of course, it changes your Home page and adds its own Search Engine.
After much research, I figured I would reinstall Google Chrome and immediately all three Extensions returned in Google Chrome.
This requires much more trained removal methods and experts.

Note: Malwarebytes has not run properly on this PC for years. I used SuperAntiSpyware in its place.
Hope we can also clear up that problem. MalwareBytes is an excellent tool but I may have deleted some things in error over the years. There have been other “bundles” in the past.

Thanks for your help!!! Avast Forum is really great.

More attachments in next post. (OTL Extras plus AswMBR)

More attachments here. Thanks again. :wink:

I had to add .txt to MBR.dat to attach. Don’t know why it came out that way the first time I ran it.

hey and welcome to the forum.

a malware expert will help you from here, when one is online later today.

Let me know if this kills it

Warning: This fix is only relevant for this system and no other. Using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
[2011/06/16 05:34:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/20 21:57:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
[2009/09/03 14:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Bandoo
[2012/08/20 12:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\311C5

:Files
C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

That did not kill it, yet. Solid Savings extension still there in Google Chrome.
MalwareBytes still stalls at File Scanning. It doesn’t stop completely but only uses 1% CPU about every 6 to 10 seconds. Scans about 18-24 files per min.
OTL log attached.

Uninstall MBAM via control panel and then download and run MBAM clean from here http://helpdesk.malwarebytes.org/entries/20818461-Use-mbam-clean-exe-to-completely-remove-Malwarebytes-Anti-Malware

There is no evidence of an active component within Chrome, can you delete the extension?

Please download Malwarebytes Anti-Malware to your desktop.

- Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan as shown below.

http://i1224.photobucket.com/albums/ee380/jeffce74/MBAM-2.jpg

- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

The log can also be found here:

Windows 2000 & Windows XP:
C:\Documents and Settings\<USERNAME>\Application Data\Malwarebytes\Malwarebytes’ Anti-Malware\Logs

Windows Vista & Win7:
C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes’ Anti-Malware\Logs

Hello Essexboy.
Did as you advised about MalwareBytes, but it still sloooows way down after the memory objects and gets to scanning the files. I even put the mutual exclusions in as recommended on this forum and MalwareBytes forum.
Even rebooted after exclusions were made.
I am running Avast Free version 7 and trying to get things in order before updating to version 8.

I did get MalwareBytes to scan in Safe Mode and a certain user is in deep doo-doo with me. It may take me some time to get things in order to run MalwareBytes in Normal mode.

If you say that you see no activity in regards to Solid Savings then so be it. Hope Google Chrome comes up with a way to prevent this exploit of the Extensions. I attached a pic of what I see in the Extensions.

Do you have any thoughts on what I might do to get this PC back in order?
Or should we just clean things up as regards the malware tools.
No matter what, I do sincerely appreciate your help and advice. You are very fast in your replies. ;D

I did remove the folder related to solid savings so mayhap I just confused Chrome :slight_smile:

I would suggest that you run AdwCleaner on each user to ensure all the garbage has gone
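An added example, not part of the thread or of any tool named in it: a read-only check that walks every user folder for Chrome extension directories and flags the extension ID from the `:Files` line of the OTL fix, which shows whether the folder survives under another account. The function names, the Vista/7 path layout, and the sample tree built in `build_sample` are assumptions made for illustration.

```python
import json
import re
import tempfile
from pathlib import Path

# Extension ID taken from the :Files line of the OTL fix in this thread.
SUSPECT_IDS = {"cijeeimilokkhlfjombmalgpabbonmah"}
# Chrome "User Data" relative to a user folder: XP layout, then Vista/7 layout.
USER_DATA = [
    Path("Local Settings", "Application Data", "Google", "Chrome", "User Data"),
    Path("AppData", "Local", "Google", "Chrome", "User Data"),
]
EXT_ID = re.compile(r"^[a-p]{32}$")  # Chrome extension IDs use only letters a-p


def scan_profiles(users_root, suspect_ids=SUSPECT_IDS):
    """Return one record per extension version found under users_root."""
    hits = []
    for user_dir in sorted(p for p in Path(users_root).iterdir() if p.is_dir()):
        for base in (user_dir / rel for rel in USER_DATA):
            if not base.is_dir():
                continue  # this user never ran Chrome, or uses the other layout
            # <User Data>/<profile>/Extensions/<id>/<version>/manifest.json
            for manifest in sorted(base.glob("*/Extensions/*/*/manifest.json")):
                ext_id = manifest.parent.parent.name
                if not EXT_ID.match(ext_id):
                    continue  # skip working folders that are not extension IDs
                try:
                    data = json.loads(manifest.read_text(encoding="utf-8-sig"))
                    name = data.get("name", "?")
                except (OSError, ValueError):
                    name = "<unreadable manifest>"
                hits.append({"user": user_dir.name, "id": ext_id, "name": name,
                             "version": manifest.parent.name,
                             "suspect": ext_id in suspect_ids})
    return hits


def build_sample(root):
    """Constructed sample tree: two users, one still carrying the extension."""
    rows = [("Dave", "cijeeimilokkhlfjombmalgpabbonmah", "Solid Savings"),
            ("Guest", "a" * 32, "Constructed Example")]  # second ID is made up
    for user, ext_id, name in rows:
        d = Path(root, user) / USER_DATA[0] / "Default" / "Extensions" / ext_id / "1.0_0"
        d.mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps({"name": name}), encoding="utf-8")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for hit in scan_profiles(tmp):
            print(hit)
```

On the affected machine the root would be `C:\Documents and Settings` (or `C:\Users` on Vista and Windows 7); the script only reads, so it can be run before and after a cleanup pass to compare results.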