Well, CTM will work but it's not intended to monitor the system against malware.
Maybe you can think about:
1. "Running" the malware in a virtual environment.
2. Use the free tool http://www.toolwiz.com/products/toolwiz-time-freeze
until Comodo Time Machine goes gold. Look, some rootkits are capable of bypassing Toolwiz Time Freeze as well.
Thank you for the reply. Sorry I haven't been able to get back to you until today, I've been busy working on a few customers' computers. I will try Toolwiz Time Freeze. I don't think the rootkit bypassing Toolwiz Time Freeze will do any damage. It might make it a bit harder to analyze though. If worst comes to worst, I'll just revert to an earlier snapshot. Thanks.