I figured out everything I have read in these forums, including removing sync info from Google servers for Chrome (only infected browser) and removed Google Chrome as well BUT the infected "secure preferences" file continues to return in the appdata, even without Chrome installed.
Any other ideas to try?
Any other ideas to try?