From Autoruns, I don't recognize this one:
c:\program files\biblioteca microsoft\diziorom\qs96i.exe
Is that some sort of bookshelf or library app? Can't find any info on it.
Sorry, the autoruns logfile is just to dang hard to read. Did you set the option to "hide signed microsoft entries"?
Just follow a few rules here:
Look for any entries that have wacky names. Pay special attention to files in the system and system32 folders. Delete ANY entries that are in a temp folder.
If an item is suspicious to you, just type it into Google and search, you'll quickly find out.
Cause the log is so hard to read, if you're industrious enough, post all the file names
As for HJT, remove:
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch =
http://www.sharempeg.com/find/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.arianna.it/perie/hometestie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.iol.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Infostrada LIBERO
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.libero.it:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = abbonati.libero.it;www.libero.it;*.libero.;*.;<local>
R3 - Default URLSearchHook is missing
O1 - Hosts: 198.65.164.168 00hq.com
O1 - Hosts: 198.65.164.168 8ad.com
O1 - Hosts: 198.65.164.168 008k.com
O1 - Hosts: 198.65.164.168
www.008k.com
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - Global Startup: PCSuiteperPanasonicX701 Detect.lnk = ?
O4 - Global Startup: PCSuiteperPanasonicX701 TS.lnk = ?
O4 - Global Startup: PGPtray.lnk = ?
O4 - Global Startup: PowerPanel.lnk = ?
This one is a tuff one, if you remove it, it could "break" your network and you won't be able to go online, however, if you are having Internet issues, this could be the problem:
O10 - Unknown file in Winsock LSP: c:\program files\aventail\connect\asdns.dll
I would suggest NOT deleting it until you download an LSP repair program such as "WinSockXPFix.exe" which you can download from the link on
http://www.iup.edu/house/resnet/winfix.shtm
Once you have this file, then fix this LSP entry. Just in case HJT can't repair the Winsock itself.
Now keep cleaning:
O14 - IERESET.INF: START_PAGE_URL=http://www.iol.it
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: CR - Sysinternals -
www.sysinternals.com - C:\DOCUME~1\Claudio\LOCALS~1\Temp\CR.exe
Once these are removed, scan again and look through them. Almost everything that is GOOD is pretty easy to tell by the path and file name. You can tell if something belongs to one of your programs etc...
When you fix the LSP entry, HJT will do a quick restart, scan again as soon as it does. I don't know why there are entries for "sysinternals" with file names in the temp folder. Could be they are going to remove something on startup? But doesn't matter just remove them.
Then post here again. And post the names from autoruns.