I ran Malwarebytes and it found and said it removed Trojan.DNSChanger (I'll attach the logs). Afterwards the DNS redirection problems continue though, and am not sure what to do next. (HijackThis log does not show anything obvious, AVG scan came up negative, additional mbam scans (including full scan) show nothing. Have also cleared System Restore area, flushed DNS cache, rebooted, etc.
One issue is that because of the DNS redirection, mbam can't update itself, so we are stuck at the database version 1654 from 1/14 and can't get current. Is there any way to manually get the update (I can download files from my machine and upload them to the problem machine if I knew where to get it).
I am attaching attach.txt and DDS.txt and hope to hear back with some suggestions. By the way, the C:\Documents and Settings\Bill Russell\Desktop\Let Barry connect.exe and
C:\DOCUME~1\BILLRU~1\LOCALS~1\Temp\7zS6.tmp\winvnc.exe entries are legit; they are the UltraVNC singleclick that I am using to have him connect me to the machine. Also, I think the g2mdlhlpx.exe is ligit; he does have Citrix GotoMeeting installed.
Thanks for any help!