Browser plugins are easy to wipe out. When dealing with a rather persistent malware a few months ago, it had inserted a legacy policy for a proxy in the Windows registry in a place not commonly checked by malware scanners. You turn off the proxy settings, but at every reboot it would come back and nothing seemed to catch it at the time. Malware can inject things in to the local group policy and other places that are not commonly checked, such as the root cert store, making them very likely to be missed by tech support.