This was driving me mad. I got it only by clicking the User CP. The odd thing is I ran CCleaner and Malware Bytes and neither picked it up. Regardless, I did AWAdmin's protocols and the manual remove so keeping fingers crossed.
Adding my thanks for the assist.
ETA: After going thru the steps above, I got the download again first time back. I suspect the manual remove was simply insufficient, so I went the automated SpyHunter program suggested by keepbrowsersafe. Again, Malware Bytes didn't catch any of the stuff SpyHunter is catching.
ETA2: Annnnnd, do I feel stoopid! I waited for over 45 minutes while SpyHunter scanned my computer, caught 549 threats and when I clicked "Fix Threats" it tells me I have to purchase the software. I'm a bit miffed there was nothing about this in the keepbrowsersafe post. In fact it says: "Just download and install the free scanner provided below and leave rest to it." So for the sake of warning others, scanning is free, "leave the rest to it" means buying the software for $39.95 (for 1 computer for 6 months!). CNet reveals this "scan then charge" tactic is a common complaint about SpyHunter
So...I ran MalwareBytes again. It didn't catch the stuff SpyHunter did, so I'm trying Ad Aware. I used to use it but I opted for CCleaner on my new computer. *sigh*