I agree with the comments about preventing the infection of malware in the first place. I found when doing testing for my book that some (I didn't try them all) user-mode rootkits would not install if the account didn't have certain privileges.
Removing the ability to write to certain areas of the Registry (i.e., HKLM\..\Run) and the file system can also help.
"Windows Forensics and Incident Recovery"
Indeed. Mark Russinovich presented a great session @ TechEd USA (SEC425 Understanding and Fighting Malware: Viruses, Spyware and Rootkits) where he discussed the risk that user-mode rootkits can install without admin rights, though he did point out that they'd only run whilst logged in as that particular user, and hence not being admin gives a degree of separation.
I really like your Blog :-)