I helped a friend track down and eliminate adobe popups and it turned out it was her linksys e2500 that was the issue as it had been infected by a worm called themoon. I had searched the forums here as sweeps using the usual tools was not getting rid of the problem obviously. Hopefully this post can save someone else a lot of time and wanted to register to post it. Linksys posted solutions include turning off remote administration, or changing remote admin ports from 80 and 8080, and that filter anonymous Internet requests is checked. After this power cycling. Linksys said a firmware update was in the works last month.
I also reflashed the firmware from the website and set to https only but those are my actions not recommended by linksys. If remote administration is needed restricting ips is also a good idea imho if possible. Anyway I hope it saves someone else time.
Edited by Nemesis3, 29 March 2014 - 12:49 PM.