Use md5 checksum to identify malware
1) Download md5deep from here:
http://md5deep.sourceforge.net/#download
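2) Run this batch script:
@echo off
rem Remove the previous hash list so this run starts from an empty file
if exist c:\out.txt del c:\out.txt
rem Hash every file under c:\; %%~sa is the short (8.3) path, quoted in case it still contains spaces
for /r c:\ %%a in (*) do (md5deep "%%~sa" >> c:\out.txt)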
This can take hours if you have a lot of files.
Note: You can change c:\out.txt to any path you are more comfortable with,
and you can replace (*) with something like (*.exe *.dll *.sys) to cover only those high-risk files and save time.
3) Save out.txt in a good, safe place.
4) Whenever you find that something is going wrong, run the above script again.
Then you can compare the old copy and the new copy to find files that have been
changed. That gives you a list of suspect files.
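
One way to do the comparison in step 4, as an added example that is not part of the original instructions. It assumes each line of out.txt is an md5deep record (32 hex digits, spaces, path); the function names and the sample lists are made up for illustration, and c:\out.txt is ignored because the list file itself differs on every run.

```python
import re
import sys

# md5deep writes one record per file: 32 hex digits, two spaces, the path.
RECORD = re.compile(r"^([0-9a-fA-F]{32})\s+(.+?)\s*$")

def parse_manifest(lines, ignore=(r"c:\out.txt",)):
    """Map lower-cased path -> MD5; lines that are not records are skipped."""
    skip = {p.lower() for p in ignore}
    hashes = {}
    for line in lines:
        m = RECORD.match(line)
        if not m:
            continue  # blank line or stray message, not a hash record
        path = m.group(2).lower()  # Windows paths are case-insensitive
        if path not in skip:  # the list file itself differs on every run
            hashes[path] = m.group(1).lower()
    return hashes

def compare(old, new):
    """Return (changed, added, removed) path lists for two parsed lists."""
    changed = sorted(p for p in old if p in new and old[p] != new[p])
    added = sorted(p for p in new if p not in old)
    removed = sorted(p for p in old if p not in new)
    return changed, added, removed

# Constructed sample lists; the hash values are placeholders, not real files.
OLD_SAMPLE = r"""aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa  c:\WINDOWS\notepad.exe
bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb  c:\WINDOWS\system32\example.dll
cccccccccccccccccccccccccccccccc  c:\PROGRA~1\Tool\old.exe
dddddddddddddddddddddddddddddddd  c:\out.txt
""".splitlines()
NEW_SAMPLE = r"""aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa  C:\WINDOWS\NOTEPAD.EXE
eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee  c:\WINDOWS\system32\example.dll
ffffffffffffffffffffffffffffffff  c:\WINDOWS\system32\new.sys
99999999999999999999999999999999  c:\out.txt
""".splitlines()

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: compare.py old_out.txt new_out.txt
        with open(sys.argv[1], errors="replace") as f:
            old = parse_manifest(f)
        with open(sys.argv[2], errors="replace") as f:
            new = parse_manifest(f)
    else:
        old, new = parse_manifest(OLD_SAMPLE), parse_manifest(NEW_SAMPLE)
    for label, paths in zip(("CHANGED", "NEW", "MISSING"), compare(old, new)):
        for p in paths:
            print(label, p)
```

Files reported as NEW or MISSING deserve the same attention as CHANGED ones, since a plain side-by-side read of the two lists makes them easy to overlook.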