By way of Sergey:
Microsoft Research has a short paper on using hackers' tricks against them, including using differential file system scans (using WinDiff) from infected vs. clean OS boots to detect hidden files [via G. Andrew Duthie]
Follow the link to Andrew Duthie's post as well for more comments. This is a great tool in the fight against malware.