[:detect an infection:]
If you are a more experienced PC user, you can check your system with some free specialised tools. Download Process Explorer from Sysinternals. This tool lets you analyse all running processes in much more detail. The normal Windows Task Manager should not be trusted for this purpose, because processes can be hidden from it quite easily. Check all running processes for strange names. If you hover over a process name, it displays the location of the corresponding binary. Look for names like svch0st.exe or 1explorer.exe, as Trojans try to hide by imitating system names. If you are not sure, you can also google the suspicious names you found. If you have found the malware, suspend the corresponding process.

Next, download TCPView from Sysinternals. This tool shows all open network connections on your system. If the Trojan waits for connections from the Internet or communicates with a remote server, you will see an entry in this list. As before, check for suspicious process names. Entries may look like this:
    Proxy.exe:108 TCP myPCname:3871 remotesystem.name:http ESTABLISHED
    logservice.exe:392 TCP myPCname:6866 myPCname:0 LISTENING

This would indicate that I have an outgoing connection from the process proxy.exe to a system called remotesystem.name on TCP port 80 (http). There is also a listening TCP port 6866 on the process logservice.exe, waiting for incoming connections. Search for outgoing connections to strange ports or addresses. Unfortunately, a Trojan may have injected itself into another process such as Explorer.exe and be communicating from within it; the connection would then show up under explorer.exe.

Next step: let's hope you were able to identify the malicious process and the corresponding file. Download Autoruns from Sysinternals. This utility shows all the applications that are set to start when you restart your machine. Browse through these entries, especially the registry Run keys, and check for suspicious applications. If you found a file in the previous steps, look for entries that point to it. If you find the malicious entry, make a note of it (in case you were wrong) and delete it from the list. Make sure that you suspended or terminated the process first, as otherwise the malware might re-create the autorun entry. Once you have cleared the autorun entry, reboot your machine and check whether the symptoms are still present.
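As an added example (not a Sysinternals tool and not part of the original guide), the following Python script automates the checks from the Process Explorer and TCPView steps above: it flags process names that are near misses of well-known system binaries (svch0st.exe, 1explorer.exe), parses connection lines in the TCPView layout quoted above, and reports listening ports and outbound connections to unusual ports. The list of system binaries, the set of ordinary remote ports and the similarity threshold are assumptions to tune; the sample process list and connection lines are constructed (203.0.113.7 is a documentation address, not a real host).

```python
"""Triage helper for the Process Explorer and TCPView steps.

Added example, not a Sysinternals tool. It takes text you would copy from
those tools: a list of process names and connection lines in the TCPView
layout shown in the guide. All sample data below is constructed.
"""
import re
from difflib import SequenceMatcher

# Windows binaries whose names malware imitates with look-alike spellings (assumed list).
KNOWN_SYSTEM_NAMES = {
    "svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
    "services.exe", "smss.exe", "spoolsv.exe", "wininit.exe", "taskhost.exe",
}
# Remote ports that are ordinary for outbound traffic (assumed); anything else is flagged.
ORDINARY_REMOTE_PORTS = {"http", "https", "80", "443", "domain", "53"}
# Similarity above which a name counts as a near miss of a system binary (assumed).
LOOKALIKE_THRESHOLD = 0.85

# Layout of one TCPView line, e.g.
#   Proxy.exe:108 TCP myPCname:3871 remotesystem.name:http ESTABLISHED
# i.e. process:pid, protocol, local host:port, remote host:port, optional state.
CONN_RE = re.compile(
    r"^(?P<proc>\S+):(?P<pid>\d+)\s+(?P<proto>TCP|UDP)\s+"
    r"(?P<lhost>\S+):(?P<lport>\S+)\s+(?P<rhost>\S+):(?P<rport>\S+)"
    r"(?:\s+(?P<state>[A-Z_]+))?\s*$"
)

# Constructed sample input, as you would paste it from the two tools.
SAMPLE_PROCESSES = ["svchost.exe", "explorer.exe", "svch0st.exe", "1explorer.exe", "Proxy.exe"]
SAMPLE_CONNECTIONS = [
    "Proxy.exe:108 TCP myPCname:3871 remotesystem.name:http ESTABLISHED",
    "logservice.exe:392 TCP myPCname:6866 myPCname:0 LISTENING",
    "svch0st.exe:1540 TCP myPCname:49210 203.0.113.7:6667 ESTABLISHED",
]


def lookalike(name):
    """Return (imitated system name, similarity) when `name` is a near miss of a
    known system binary, or None when it matches exactly or is unrelated."""
    lname = name.lower()
    if lname in KNOWN_SYSTEM_NAMES:
        return None
    best = max(KNOWN_SYSTEM_NAMES, key=lambda k: SequenceMatcher(None, lname, k).ratio())
    ratio = SequenceMatcher(None, lname, best).ratio()
    return (best, round(ratio, 3)) if ratio >= LOOKALIKE_THRESHOLD else None


def parse_connection(line):
    """Parse one TCPView-style line into a dict of its fields, or None if it does not fit."""
    m = CONN_RE.match(line.strip())
    return m.groupdict() if m else None


def triage(process_names, connection_lines):
    """Return {process name: [reasons]} for every process that deserves a closer look."""
    findings = {}

    def flag(proc, reason):
        reasons = findings.setdefault(proc, [])
        if reason not in reasons:          # the same name may appear in both inputs
            reasons.append(reason)

    for name in process_names:
        hit = lookalike(name)
        if hit:
            flag(name, f"name imitates {hit[0]} (similarity {hit[1]})")

    for line in connection_lines:
        c = parse_connection(line)
        if c is None:
            continue
        hit = lookalike(c["proc"])
        if hit:
            flag(c["proc"], f"name imitates {hit[0]} (similarity {hit[1]})")
        if c["state"] == "LISTENING":
            flag(c["proc"], f"listening for inbound connections on {c['proto']} port {c['lport']}")
        elif c["state"] == "ESTABLISHED" and c["rport"].lower() not in ORDINARY_REMOTE_PORTS:
            flag(c["proc"], f"outbound connection to {c['rhost']} on unusual port {c['rport']}")
    return findings


if __name__ == "__main__":
    for proc, reasons in triage(SAMPLE_PROCESSES, SAMPLE_CONNECTIONS).items():
        print(proc)
        for reason in reasons:
            print("  -", reason)
```

Replace the two sample lists with the names and connection lines from your own machine and run the script. Everything it reports still needs the manual checks described above (binary location, a web search for the name, the Autoruns entry), and an empty report does not prove the machine is clean: a Trojan injected into explorer.exe shows up under that legitimate name and passes the look-alike check.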

If those steps did not remove the risk from your machine, you might consider some of the following steps:
  • Download RootkitRevealer from Sysinternals and check your system.
  • Submit your suspicious files to virustotal.com for a better AV check.
  • Use Process Explorer to check all details of all processes, including loaded DLLs.
  • Use Filemon and Regmon to check for suspicious file or registry writes.
  • Boot into safemode and try the same analysis again.