Browser Redirect nightmare

Hello my friends.

I am having a bit of an issue with a new infection that is kicking by butt. I have an Acer laptop with an i3 and 4gb ram. I have run the following tools. ADW, Malwarebytes, SuperAntiSpyware, Adaware, Eset Scan, MS essentials scan, TDSS Killer, MBAR Rootkit beta, TFC, JRT, CCleaner portable. all clean all run with admin priv. in safe mode with networking where applicable.

When you open "Any" Browser after 30seconds the cursor loses focus and if you click to gain it back you get a new page that redirects twice (address changes) and ends up on a "fake" Norton page saying your infected with a persistent pop up that requires you to CAD and kill IExplore.

For those of you who know me know I am very thorough and I have look through the registry at Run keys, IE Keys, Chrome keys, FF Keys, and Safari keys. Each browser shows clean of all add ons and all have been reset including the remove personal where applicable.

please help I have no hair left to pull out.
its nearing a reinstall but I hate to do that over a stupid browser hitchhiker.

Never mind. there was a renamed piece of free "Conduit" software called skycaddie. Once remove the redirects stopped. found it through perusing a hijackthis log. it showed ok but had conduit extensions. It had 3 conduit processes loaded with windows.

When in doubt, its usually a program thats still on the system. I've been finding some nasty stuff lately.

Also, consider running Autoruns because sometimes there can be lingering problems when malwares startup files are still present.

Gator said:

When in doubt, its usually a program thats still on the system. I've been finding some nasty stuff lately.

Also, consider running Autoruns because sometimes there can be lingering problems when malwares startup files are still present.

Indeed I did run Autoruns, always do as the next to last step along with clearing restore points and creating new ones. The only way I found this one was using Hijackthis log and saw 3 references to Conduit.sys and 2 conduit.dll tied to the sky caddie program. It passed all the scans and tests I could toss at it including AVG and Kasperski rescue cd's which are usually pretty good at catching hidden browser add-on's. There was nothing about the program that even bespoke of conduit accept the links to the sys and dll files (which are aslo manually removed).