server2.mediajmp help!

I run a pretty clean machine (as far as malware goes) most of the time and when things go wrong I can usually fix it..... but this is sticky and I need expert help!

3days ago I was checking my yahoo mail and when I was done I signed out and perused the headlines and I got this pop-up tab and pop up window that looked like a news story for work-at-home job. I was suspicious and clicked on NOTHING. I googled the supposed news station and of course no such station existed, so I esc out of the pop up window (just repeated it's headline on it) and x'ed the tab. shortly after I got another popup tab and window with a "you win!" scam on it. I looked at the address bar and it was "server2.mediajmp". A little while later while googling something else, another popup tab and window with a fake work-at-home news story popped up even before I could open any links and the address was "server2.mediajmp" again.

So I updated and ran just about every scan in existence;
AVG antivirus
Superantispyware
ad-aware
spybot search and destroy
hijackthis
malwarebytes
windows defender (would not update)
ran CCleaner cleanup and register cleaner

ALL came up clean. I tried surfing again, got another pop up and came to majorgeeks and ran the "read and run me" and the Windows XP cleaning procedure. Rootrepeal hung for 2days so I stopped it, but it came up with this;
C:/hiberfil.sys STATUS: locked to the windows API!

and I can't find MGTools anywhere (I just KNOW I downloaded it to C: but it's not there!), but after I turned my AVG back on it found it and all this;

"C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP722\A0047161.exe";"Trojan horse Dropper.VB.DCI";"Moved to Virus Vault"
"C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP722\A0046992.SYS";"Virus identified Win32/Patched.DY";"Moved to Virus Vault"
"C:\MGtools.exe";"Trojan horse Dropper.VB.DCI";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\fsyz1uz6.default\Cache\30036096d01";"Trojan horse Dropper.VB.DCI";"Moved to Virus Vault"

I wasn't going to touch any of it till I got the go ahead from you guys, but I forgot I set AVG to do it automatically Sorry.

Here are the logs I was able to get.... it's been a hectic and harried 3 days, I'm sorry if I've missed anything. Thanks guys, you rock! :guitar

 

AVG uninstalled successively. When I tried to download MGTools, I get a "file not available" message from firefox. Is there another location to download it from?

Here is the log from Gmer
Thanks for your help!

 

Got same error message in firefox. It downloaded fine in IE. Ran fine, no probs.
Here's the log. thx.

 

I had no problems at all. All went smoothly. Thank you so much!

Questions:
Is there a reason you haven't updated XP to Service Pack 3?
Do you recognize these addresses? 68.94.156.1,151.164.8.20

I didn't know SP3 was out, I will update right away.
Whois says those IP's belong to my ISP.

I repeated my actions the day the problem showed up and I have not encountered the same problems. Thank you! I think the XP Cleaning procedure and your advice and patience got rid of the problem! YOU ARE AWESOME! :dood:guitar:boxing

I've since reinstalled AVG 9 free and all is well

 

Done and done! Thanx again! :-D:wave