The MBR in an MBR disk is only 512 bytes with less then half of it reserved for bootstrap code. Easily repaired in a number of ways if it gets a virus but there is not much a virus can do in an MBR but jump to more code somewhere else on the disk. If it was a GPT disk, there is more room for malware but it is still only 16kbs of data that need to be fixed. No reason to zero the whole disk. Without a boot sector or file system to reference it, any malware left on a disk is just a random sequence of bytes with no possibility of execution that will eventually be overwritten by a new file system that sees it as empty space on the disk. Diskpart "clean" should be enough. That will zero the mbr or gpt sectors. "Clean All" would definitely be overkill because the boot sector of any system partition should be restored from a clean image. Not likely this system had any MBR or boot sector infections from the description of the problem so I do agree that it was overkill but not a bad way to deal with the problem since the system was imaged and backed up. The time spent doing that was probably no greater than it would have taken to track down the infection which was most likely an extension coded in javascript in the browser's user folders. I've seen this sort of thing before in Chrome and the solution was to uninstall Chrome, manually delete the data folders that Chrome creates in the user's app data folder and reinstall it.
On pop-ups: I noticed some legitimate pop-ups in Yahoo lately (like for my fantasy football team.) I have various pop up blockers, so I guess there is a new pop-up method that bypasses them. Also, I recently added Popup Blocker Pro, and now I cannot use any Yahoo search results. If I click on a Yahoo search result, Popup Blocker Pro treats it as a popup and asks for my permission. Google search results do not cause this.
