mysterious trojan

I am using e-machines WIN XP home SP2. McAfee Security Center, MS Antispyware and WinPatrol.

Two days ago WinPatrol alerted me to a file C:\WINDOWS\system32\req.dll wanting to plug in to Internet Explorer. I click "No" do not allow, and from then on it proceeded to repeat every 2 minutes. MS Anti Spyware is also alerting me to this blocked BHO very frequently.

CPU usage very high, Internet Explorer freezes then after a long time works again. Mostly using Opera and since yesterday Firefox now. Task Manager shows 5 different files called svchost.exe are running. basmain.dll is disabled in BHO options, it is also called MS events.

Google search indicates this is a new-ish trojan Win32.Chisyne.F or Downloader-ZM, i tried to delete req.dll even though it was not visible in exploring windows files and also an associated (according to forum posts) 1.exe.

No anti-virus or anti-spyware programme finds anything.

McAfee customer support was not helpful.

For the last 24 hours, same thing is happening except with C:\WINDOWS\Fonts\basmain.dll.

I have tried KillBox but a strange message to do with "checking registry files" and renaming appears and I suspect the malicious file is successfully resisting attempts to be deleted. I suspect there are other files associated but don't know how to find them.

WinPatrol also has alerted me twice that my host files have been modified and there are regular attempts to change my browser homepage (this is new and it mentions HSremove, happened since I ran HSRemove, the last of the scans in safe mode).

I have run virus scans in DOS (first thing I tried, on advice from mcafee support), and this evening have just followed this site's "DO NOT POST UNTIL YOU HAVE" instructions.

Please help me. What next?

 

This guys in the Spyware Specific are best suited to handle this.