Pop up Blocker
Re: guy offers solid advice.
O4 – HKLM\..\Run: [ms078675-119235] C:\WINDOWS\ms078675-119235.exe
O4 – HKCU\..\Run: [zurw] C:\PROGRA~1\COMMON~1\zurw\zurwm.exe
O17 – HKLM\System\CCS\Services\Tcpip\..\{F3FD085C-E067-4189-B7B2-1CC23A10E149}: NameServer = 192.168.0.1
O20 – Winlogon Notify: H323TSP – C:\WINDOWS\
O20 – Winlogon Notify: Extensions – C:\WINDOWS\system32\m8rmli9118.dll
O20 – Winlogon Notify: policies – C:\WINDOWS\system32\guard.tmp
O23 – Service: Windows Log – Unknown owner – C:\WINDOWS\system32\nvsvcd.exe
Yes, all of these are the problem. Looks like he has one of those polymorphic malware applications, probably installed as a rootkit: zurwm.exe. If you delete this from startup, I bet it will simply rename itself and run under a different name at startup.
You're in for quite a battle IMO.
EDIT – Might add... all you poker players get nailed with malware when you install their "applications". Something to think about after you get this fixed.
Re: Download this:
http://www.mlin.net/files/StartupCPL_EXE.zip
Delete everything except for your NVIDIA, Logitech and D-Link stuff.
Re: Search Google for the A squared free edition and run that. It should get rid of some of it.
Re: I suggest trying the routine I typed up: http://www.omnicast.net/~tmcfadden/scan.txt This runs a special one-shot scanner/cleaner from McAfee (not Stinger). Used as directed, it'll go after some of the worst spyware/adware in addition to Trojans, worms and viruses.
Be aware that PartyPoker is one of the threats it'll remove.
Also, since you appear to have Kaspersky AntiVirus Personal 5 installed, make sure to switch on the Extended databases. Kaspersky configuration instructions w/ video (http://www.mechbgon.com/build/kaspersky.html). After making this change, update it, reboot into Safe Mode, and run a full scan.
Lastly, some of the worst spyware/adware is now using rootkits. When Windows is running in normal mode, run F-Secure BlackLight beta (http://www.f-secure.com/blacklight) to check for rootkits.
Re: It looks like you might have a more serious issue than just pop-ups.
I'm not an expert but there are a few things I'd recommend checking into as I don't know what these are. Some of these may be fine but others will be malware. This list is by no means definitive:
O4 – HKLM\..\Run: [ms078675-119235] C:\WINDOWS\ms078675-119235.exe
O4 – HKCU\..\Run: [zurw] C:\PROGRA~1\COMMON~1\zurw\zurwm.exe
O17 – HKLM\System\CCS\Services\Tcpip\..\{F3FD085C-E067-4189-B7B2-1CC23A10E149}: NameServer = 192.168.0.1
O20 – Winlogon Notify: H323TSP – C:\WINDOWS\
O20 – Winlogon Notify: Extensions – C:\WINDOWS\system32\m8rmli9118.dll
O20 – Winlogon Notify: policies – C:\WINDOWS\system32\guard.tmp
O23 – Service: Windows Log – Unknown owner – C:\WINDOWS\system32\nvsvcd.exe
From my quick checks some of those are bad, e.g. H323TSP looks to be adware.looktome and the culprit generating popups, while nvsvcd.exe and guard.tmp are backdoor trojans. The others are all suspect and likely to be malware. I would also check the EULAs of some of those poker software clients you have as they could in theory be sending you ads.
You can check stuff yourself – Google search entries you are not sure of or that look suspect.
Still I am by no means a qualified enough expert on this before you go deleting stuff. So please get a second opinion – as the second poster said, go to other tech support forums for help who specialise more in HJT logs.
Sorry I can't be of more help.
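A sketch of the manual check suggested in the post above, added here as an example and not written by any poster in the thread: it parses the quoted HijackThis lines and attaches a reason wherever a simple heuristic fires. The `triage` function and its four heuristics are assumptions chosen for illustration, and an empty reason list means "look the entry up", not "safe".

```python
import ipaddress
import ntpath
import re

# Lines copied from the HijackThis log quoted in the thread.
SAMPLE_LOG = r"""
O4 – HKLM\..\Run: [ms078675-119235] C:\WINDOWS\ms078675-119235.exe
O4 – HKCU\..\Run: [zurw] C:\PROGRA~1\COMMON~1\zurw\zurwm.exe
O17 – HKLM\System\CCS\Services\Tcpip\..\{F3FD085C-E067-4189-B7B2-1CC23A10E149}: NameServer = 192.168.0.1
O20 – Winlogon Notify: H323TSP – C:\WINDOWS\
O20 – Winlogon Notify: Extensions – C:\WINDOWS\system32\m8rmli9118.dll
O20 – Winlogon Notify: policies – C:\WINDOWS\system32\guard.tmp
O23 – Service: Windows Log – Unknown owner – C:\WINDOWS\system32\nvsvcd.exe
"""

ENTRY = re.compile(r"^(O\d+)\s+[-–]\s+(.+)$")  # accept ASCII hyphen or en dash
PATH = re.compile(r"[A-Za-z]:\\.*$")           # trailing Windows path, if any

def triage(log):
    """Return (section, detail, reasons) per O-line; reasons may be empty."""
    results = []
    for raw in log.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        section, detail = m.groups()
        found = PATH.search(detail)
        path = found.group(0) if found else ""
        reasons = []
        # Heuristics below are illustrative assumptions, not HijackThis rules.
        if section == "O4" and ntpath.dirname(path).upper() == r"C:\WINDOWS":
            reasons.append("autorun binary directly in the Windows directory")
        if section == "O17" and "NameServer" in detail:
            for ns in re.split(r"[,\s]+", detail.rsplit("=", 1)[-1].strip()):
                try:
                    if not ipaddress.ip_address(ns).is_private:
                        reasons.append(f"name server {ns} is not a private address")
                except ValueError:
                    reasons.append(f"unparseable name server {ns!r}")
        if section == "O20" and ntpath.splitext(path)[1].lower() != ".dll":
            reasons.append("Winlogon Notify target is not a .dll")
        if section == "O23" and "Unknown owner" in detail:
            reasons.append("service binary has no identified publisher")
        results.append((section, detail, reasons))
    return results

if __name__ == "__main__":
    for section, detail, reasons in triage(SAMPLE_LOG):
        print(section, "|", detail, "|", "; ".join(reasons) or "review manually")
```

On the sample, the O17 entry gets no reason because 192.168.0.1 is a private (RFC 1918) address, which is what a home router normally hands out as DNS server.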
Re: Copy and paste your log here: http://www.hijackthis.de/
Stop some of that software from starting up too even though it's safe.