Persistent pop-ups, standard removal programs come up clean

Hi there,

I’ve run into some malware the usual cleaning methods can’t detect. Started getting pup-ups on April 31st, immediately went through all the systems files modified that day and deleted them. A bit harsh, but it’s worked before. Couldn’t get rid of one called mlljh.dll and another associated, similarly-named file.

Been getting at least 3 types of pup-ups since:
An innocent-looking Microsoft Internet Explorer window with the text: “There is a security vulnerability from the w32.rontokbroz.a@mm. We recommend you download one of the security software programs to prevent malware infections.” Looks like these hackers have a sense of humour.
Clicking the X in the right corner gets me to a website popup instead of closing the window.
Other times, a website pops up without the Explorer window., just as I’m accessing a new web page.

Some of the sites are:
"http:/ /www.amaena.com/securityworm5/?aid=vm_pk_scwaskw_7&lid=scan"
"http:/ /adultfriendfinder.com/go/g774822-pct"
"http:/ /www.sexbuddies.com/signup/sign-freel.html?aid=vm_pk_sbkw_59_k&lid=men+hot"
"http:/ /www.winantivirus.com/pages/scanner/index.php?aid=vm_pk_wav_3&lid=defender&ax=2&ex=1"


I’ve gone through the READ AND and RUN me first post, and followed all instructions. None of the downloadable programs found anything. Blacklight, Cwshredder and Look2Kill came up empty. ActiveScan came up clean, and Panda found and cleaned a Trojan whose description doesn’t match what I’ve got (and I’m still getting the pop-ups).

Systems summary follows:
Computer:
Operating System: Microsoft Windows XP Home Edition
OS Service Pack: Service Pack 2
Internet Explorer: 6.0.2900.2180

Motherboard:
CPU Type: Mobile Unknown, 1400 MHz (3.5 x 400)
Motherboard Name: Dell Inc. ME051
Motherboard Chipset: Unknown
System Memory: 247 MB
BIOS Type: Phoenix (12/22/05)


I’ve run a hijack-this scan and am attaching the 3 required reports. If anyone could give me a hand here, that would be much appreciated. I’ve turned to you guys once before, and you were fantastic!
Thanks in avdance for your help!

 

Excellent! Thanks chaslang. I followed your instructions, and the program killed the bug Excellent! Yeah, I'd looked through the Special Removal Procedures link in the READ ME earlier, but I didn't know which Trojan was mine, so I didn't know which fix to use.
Thanks again for the help!

 

Oops, forgot the new hijackthis log...