1. Ports: netstat -naob on Windows is like lsof -i
2. Processes: tasklist (or the Task Manager GUI) or wmic process list full
3. Services: services.msc or net start, sc query | more; tasklist /svc shows which services are running out of which processes
4. Odd files: size > 10,000KB
5. Odd registry: HKLM\Software\Microsoft\Windows\CurrentVersion\
   Run
   RunOnce
   RunOnceEx
   or reg query on each of those keys
6. File share: net view \\127.0.0.1
7. Incoming: net session
8. Outgoing: net use
9. NetBIOS/TCP: nbtstat -S
10. iptstate: netstat -an 5 (redraws every 5 seconds)
    or netsh firewall show config
11. Scheduled tasks: schtasks or System Tools -> Scheduled Tasks
12. Start-up items: msconfig.exe
    or wmic startup list full
13. User accounts: lusrmgr.msc
    or net user and net localgroup administrators
14. Logs: eventvwr.msc
    or eventquery.vbs /L security
15. Fport, TCPview etc.
16. Containment: wmic process [pid] delete
    sc stop [service]
    sc config [service] start= disabled
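The checklist above is a set of commands typed one at a time. The following PowerShell script is an added example, not part of the original checklist, that runs the same enumeration steps (ports joined to owning processes, services, autorun keys, shares and sessions, firewall state, scheduled tasks, startup items, local accounts and admins, recent security events) and saves each result as text and CSV in one timestamped folder, so the collection is repeatable and the evidence leaves the host in one copy. It assumes Windows 8/Server 2012 or later with PowerShell 5.1, an elevated session, and an output path ($OutDir) that you should point at removable media or a share rather than the suspect disk; the security event IDs used for the 24-hour log pull (4624, 4625, 4720, 4732) are the standard logon, failed logon, user-created and group-membership-change events and are my choice, not the checklist's.

```powershell
# Added example (not from the original checklist): live-triage collector that
# automates steps 1-14 above and writes results to a timestamped folder.
# Assumes PowerShell 5.1+ on Windows 8/Server 2012+, run from an elevated prompt.
# $OutDir is an assumed location; point it at removable media or a UNC share.
param([string]$OutDir = "C:\IR\triage_$(Get-Date -Format yyyyMMdd_HHmmss)")

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Save a result set as both a readable .txt and a .csv for later diffing
function Save([string]$Name, $Data) {
    $txt = Join-Path $OutDir "$Name.txt"
    if ($Data) {
        $Data | Format-List | Out-File -FilePath $txt -Width 300
        $Data | Export-Csv -Path (Join-Path $OutDir "$Name.csv") -NoTypeInformation
    } else {
        "(none)" | Out-File -FilePath $txt
    }
}

# 1+2. Ports joined to the owning process (the netstat -naob view, as objects).
# Win32_Process gives the command line and image path, which netstat does not.
$procById = @{}
Get-CimInstance Win32_Process | ForEach-Object { $procById[[int]$_.ProcessId] = $_ }
function Describe-Endpoint($Proto, $Local, $Remote, $State, $OwnerPid) {
    $p = $procById[[int]$OwnerPid]
    [pscustomobject]@{ Proto = $Proto; Local = $Local; Remote = $Remote; State = $State
        PID = $OwnerPid; Process = $p.Name; Path = $p.ExecutablePath; CommandLine = $p.CommandLine }
}
$tcp = Get-NetTCPConnection | ForEach-Object {
    Describe-Endpoint 'TCP' "$($_.LocalAddress):$($_.LocalPort)" "$($_.RemoteAddress):$($_.RemotePort)" $_.State $_.OwningProcess }
$udp = Get-NetUDPEndpoint | ForEach-Object {
    Describe-Endpoint 'UDP' "$($_.LocalAddress):$($_.LocalPort)" '' '' $_.OwningProcess }
Save 'ports' (@($tcp) + @($udp))
Save 'processes' ($procById.Values | Select-Object ProcessId, ParentProcessId, Name, ExecutablePath, CommandLine)

# 3. Services with host PID (tasklist /svc) and binary path (sc qc)
Save 'services' (Get-CimInstance Win32_Service |
    Select-Object Name, DisplayName, State, StartMode, ProcessId, PathName, StartName)

# 5. Autorun registry keys from the checklist, for both the machine and current-user hives
$runKeys = foreach ($hive in 'HKLM', 'HKCU') {
    foreach ($k in 'Run', 'RunOnce', 'RunOnceEx') {
        $path = "${hive}:\Software\Microsoft\Windows\CurrentVersion\$k"
        if (Test-Path $path) {
            $props = Get-ItemProperty -Path $path
            # Drop the PS* provider properties; everything else is an autorun value
            foreach ($name in ($props.PSObject.Properties.Name | Where-Object { $_ -notmatch '^PS' })) {
                [pscustomobject]@{ Key = $path; Name = $name; Value = $props.$name }
            }
        }
    }
}
Save 'autoruns_registry' $runKeys

# 6-8. Shares, inbound SMB sessions (net session) and outbound connections (net use)
Save 'shares'          (Get-SmbShare      | Select-Object Name, Path, Description)
Save 'smb_sessions'    (Get-SmbSession    | Select-Object ClientComputerName, ClientUserName, NumOpens)
Save 'smb_connections' (Get-SmbConnection | Select-Object ServerName, ShareName, UserName)

# 10. Firewall posture per profile (netsh firewall show config)
Save 'firewall_profiles' (Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction)

# 11+12. Scheduled tasks that are not disabled, flattened to "exe args", and startup items
Save 'scheduled_tasks' (Get-ScheduledTask | Where-Object State -ne 'Disabled' | ForEach-Object {
    [pscustomobject]@{ Path = $_.TaskPath; Name = $_.TaskName; State = $_.State
        Action = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; ' } })
Save 'startup_items' (Get-CimInstance Win32_StartupCommand | Select-Object Name, Command, Location, User)

# 13. Local users and the Administrators group (net user / net localgroup administrators)
Save 'local_users'  (Get-LocalUser | Select-Object Name, Enabled, LastLogon, PasswordLastSet)
Save 'local_admins' (Get-LocalGroupMember -Group 'Administrators' |
    Select-Object Name, ObjectClass, PrincipalSource)

# 14. Security log, last 24 hours: logons, failed logons, user creation, local group changes
Save 'security_events_24h' (Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName = 'Security'; Id = 4624, 4625, 4720, 4732; StartTime = (Get-Date).AddDays(-1) } |
    Select-Object TimeCreated, Id, Message)

# 16. Containment helper, equivalent to sc stop + sc config start= disabled.
# Deliberately not invoked here: only call it once a service is confirmed malicious.
function Disable-SuspectService([string]$Name) {
    Stop-Service -Name $Name -Force -ErrorAction Stop
    Set-Service  -Name $Name -StartupType Disabled
}

Write-Host "Triage output written to $OutDir"
```

Run it as `.\triage.ps1 -OutDir E:\case001\host01` from an elevated PowerShell prompt; the text files are for reading on the spot and the CSVs for diffing against a known-good build or a second collection taken after containment. The containment function is defined but not called, so the script itself is read-only against the host apart from creating the output folder.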