Getting rid of spyware

What is it that keeps popping up? And have you punched it into a search engine to check the severity of it?

Run Malwarebytes and see what it says

Recently picked up a trojan in a scan in an application (not on this comp, on a separate one) I'd already launched. Initially it wouldn't let me delete it but my antivirus put the file in to the virus vault. I've ran plenty of scans, spybot, malwarebytes, Rkill in safe mode, combofix, and nothing has come up.

Is it gone? Anything else I should do?

To everyone with malware: download ComboFix, get log, post on BleepingComputer...

Rinse and repeat....

you've probably had some sort of java plug in issue. even if it isn't this advice should be heeded by all:

https://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

unless you have a compelling reason to running a java plug in, then you should have it disabled at the moment. in fact i can't think of one reason to have the java plug ins running right now. maybe enable them temporarily when you need to do something but that would be it. there have been some serious security issues discovered in the past month. i'm not 100% sure if it affects older versions, but it all came to a head when oracle released java 7 update 10 in early to mid january.

if you do need to run a java applet permanently, then most likely your a developer of some sort so you should know of the security risks. if not, then what i would recommend is to have two profiles with chrome or firefox. one for your regular browsing and one for your secure browsing such as banking, e-mails etc,. with your secure profile ONLY visit the sites that you need to, and ALWAYS close your regular profile whilst on those sites.

i don't run any java plug ins (java is the number one cause of internet infections every single year) so i haven't followed it too closely... so i may not be 100% accurate here but my understanding is what was discovered was that it was possible to run java plug ins automatically, getting around the user setting "ask before running plug ins". so someone could write a malicious applet such as a keylogger, inject it into a legitimate looking site and have it run automatically when you open that page. so whilst you continue to have that page open the applet is logging your keystrokes. that was my understanding of the main flaw that was found.

Donners you may have been browsing what you thought were legit web sites, but it isn't out of the realms of possibility that they were temporarily compromised or something like that.

going a bit further, i don't see much of a reason why anyone should have java on their computer at all. i'd recommend, uninstalling and only reinstall (which is easy to do) if something stops running. the whole java platform has fallen to shit in recent years. android is about the only thing keeping it relevant at the moment imo (and it's a pretty handy trump card to be fair). if you do need to have java on your computer, make sure you have java 7 update 13 or java 6 update 39.

someone might ask about android now because it's pretty much based on java which is true. as at this moment though there doesn't appear to be any major security holes on the android. the reason for this is because android uses a virtual machine called Dalvik to process java files. Computers use a virtual machine called the Java Machine Virtual (original), and it's the JVM that is compromised at the moment.

That's not to say Dalvik is completely secure, I'm sure there are some exploits out there that are unknown at the moment.

Donners

Here is two good example of you browsing a reputable site but it has malicious code sitting on it

http://krebsonsecurity.com/2013/02/exploit-sat-on-la-times-website-for-6-weeks/
http://krebsonsecurity.com/2011/12/amnesty-international-site-serving-java-exploit/

almost certainly that is the case man. this java thing is bad. oracle have pretty much screwed up java.