Looks like we were targeted by some script kids that found an exploit in vbseo and added a iframe tag to the vbseo config file making load of pop up appearing on the website.
I removed vbseo and every other hack from the site and left vbulletin and vbadvanced just to be safe while i do some further investigation on the matter.