IE taken over by morwellsearch.com...plz help!

Discussion in 'Malware Help (A Specialist Will Reply)' started by iLLestOne, Oct 17, 2005.

  1. iLLestOne

    iLLestOne Private E-2

    This is on my gf's laptop. I'm in Santa Barbara, and she's in the Bay Area.

    I've had her run (in and not in safe mode) Ad-aware, spybot, ewido security, xoftspy (found stuff, but can't delete it 'cause I don't want to buy it), cwshredder, Stinger, CCleaner and nothing fixed it.

    PLEASE help!!! She says it now opens other search pages (about.com, zip.com, etc...)

    I've done everything your help file says before posting, so here is her hijackthis log.

    I followed this completely
    http://forums.majorgeeks.com/showthread.php?t=35407

    Any help would be GRATEFULLY appreciated, and I thank you in advance.

    EDIT: I will only be going home this weekend (10/19 - 10/22) and REALLY need help before then so I can fix this for her. She knows nothing of computers, so I really need this information before I go down please.

    I have hijackthis log and ewido logs if needed.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Make sure you have followed the procedures in here: Downloading, Installing, and Running HijackThis

    And then post the HJT log. Also attach the Ewido log. I would uninstall Xoftspy as it is of no use unless you buy it. Thus it is just a waste of resource that other tools (that actually can fix problems) can use.
     
  3. iLLestOne

    iLLestOne Private E-2

    Here they are
     

    Attached Files:

  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please EXTRACT HijackThis from the ZIP File to a Safer location. Here's how:

    To create a new folder:
    Click START > My Computer > Local Disc C: > Program Files
    Now, Right Click on an Empty Area and select New > Folder & name it HijackThis and ENTER

    To Extract HijackThis:
    Now, Right Click your HijackThis ZIP File and select Extract All > Next > and browse to your newly created HijackThis Folder
    (C:\Program Files\HJT) and click Next.

    Now run HJT from there. Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

    The reason HJT needs its own safe folder is so that backups will be safely preserved. That way, if a mistake is made in the removal process, the mistakenly deleted entry can be restored.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It's all in the link I gave already: Downloading, Installing, and Running HijackThis

    But the bigger problem is the fact that ALL the steps in the sticky thread were not run! Please run ALL steps in the sticky thread.

    You should also run: Symantec Trojan.Vundo Removal Tool 1.3.1
     
  6. iLLestOne

    iLLestOne Private E-2

    Sorry, I had her make the hijackthis.log a couple days ago. I did however follow every step on the sticky thread, except the one about hijackthis. That was the last step (after around 3 hours) and she was getting very annoyed, so I just told her to run it and send it to me on AIM.

    I have a midterm tomorrow so I won't be able to get her to do those steps (she's not computer savvy) until tomorrow.

    Sorry again about not fully following the sticky. I have to do all this over the phone while trying to tell a person who doesn't know much about computers what to do.

    Thanks again for the quick responses and I will post a new hijackthis.log as soon as I can. I will also send her the "Symantec Trojan.Vundo Removal Tool 1.3.1".

    Thanks again
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The log shows no signs of any of the online scanners being run (step 5 in the sticky). This is why I said the sticky was not completed. Try to run at least two.

    Make sure you get HJT installed correctly too. You do have signs of a Vundo problem. Perhaps the Symantec tool will fix them. But there are other items we must fix. All of the below need to be fixed:


    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\java\trustlib\bakw.dll (file missing)
    O2 - BHO: Bho - {EFDAC3FE-F44A-4030-8589-1E23BC6573D5} - C:\WINDOWS\system32\wgerfxfy.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O20 - Winlogon Notify: bakw - C:\WINDOWS\java\trustlib\bakw.dll (file missing)

    And the below file must be deleted (you may need to boot to safe mode to delete it):
    C:\WINDOWS\system32\wgerfxfy.dll

    Afterwards attach a new HJT log.
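
An added example, not part of the post above and not HijackThis's own code: a small Python triage of the five quoted O2/O20 lines that separates orphaned registry references (annotated `(no file)` or `(file missing)`) from entries whose DLL is still on disk, and shows which DLL is named by more than one load point. The function names and the line patterns are assumptions written for these lines only, not a full HijackThis log grammar.

```python
import re
from collections import defaultdict

# The five entries quoted in the post above (constructed input, not a full log).
FLAGGED = r"""
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\java\trustlib\bakw.dll (file missing)
O2 - BHO: Bho - {EFDAC3FE-F44A-4030-8589-1E23BC6573D5} - C:\WINDOWS\system32\wgerfxfy.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O20 - Winlogon Notify: bakw - C:\WINDOWS\java\trustlib\bakw.dll (file missing)
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<target>.+)$")
MISSING = " (file missing)"

def parse_entry(line):
    """Parse one O2/O20 line; return None for anything else."""
    line = line.strip()
    for kind, rx in (("BHO", O2_RE), ("Winlogon Notify", O20_RE)):
        m = rx.match(line)
        if m:
            break
    else:
        return None
    target = m["target"]
    if target == "(no file)":            # registry entry with no DLL recorded
        path, on_disk = None, False
    elif target.endswith(MISSING):       # DLL path recorded, file already gone
        path, on_disk = target[:-len(MISSING)], False
    else:                                # no missing-file annotation: DLL is on disk
        path, on_disk = target, True
    return {"kind": kind, "name": m["name"], "clsid": m.groupdict().get("clsid"),
            "path": path, "on_disk": on_disk}

def triage(text):
    """Split flagged entries into orphaned references and files still on disk."""
    entries = [e for e in map(parse_entry, text.splitlines()) if e]
    orphaned = [e for e in entries if not e["on_disk"]]
    refs = defaultdict(list)             # DLL path -> load points that name it
    for e in entries:
        if e["path"]:
            refs[e["path"].lower()].append(e["kind"])
    on_disk = sorted({e["path"] for e in entries if e["on_disk"]})
    return entries, orphaned, dict(refs), on_disk

if __name__ == "__main__":
    entries, orphaned, refs, on_disk = triage(FLAGGED)
    print(f"{len(entries)} entries, {len(orphaned)} orphaned")
    print("files still on disk:", on_disk)
    print("named by more than one load point:", {p: k for p, k in refs.items() if len(k) > 1})
```

Run on the quoted lines, four of the five entries are orphaned references and only `wgerfxfy.dll` remains on disk, which matches the single file the post asks to have deleted.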
     
  8. iLLestOne

    iLLestOne Private E-2

    Alright, I had her delete all that stuff and she is running the online scanners now. I will post the new hijackthis log shortly.

    thanks
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! I'll be around for just a few more minutes. (Need sleep! Been up 20 hrs! :eek: )
     
  10. iLLestOne

    iLLestOne Private E-2

    It's cool, you can go to bed. It's taking forever to run. She ran http://www.windowsecurity.com/trojanscan/ and she is now running "Bitdefender" and it is taking forever. She has a like 1 year old HP laptop, so it is going slow :(

    I'll post back later tonight when it's done though. Thanks again for all the help.
     
  11. iLLestOne

    iLLestOne Private E-2

    Alright, here is the hijackthis log and a bitdefender log

    Thanks again for all the help, it is very appreciated
     

    Attached Files:

  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The HJT log is clean now. Are you having any more malware problems?
     
  13. iLLestOne

    iLLestOne Private E-2

    She said google works again now, and that her computer is running faster so I guess everything is fine now. Thanks again for the help! I tried everything I could to clean her comp and nothing worked, so thanks a lot for the help! She really appreciates it.
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

