ads : alternate data stream (since NT 4.0), run process/threads in the background
rootkits : fork the ads with rootkits use different rootkits some are userspace API and some are NASTY kernel userland API hooks. nasty b******
read the msdn2 library and/or blogs and develop "how to develop unsigned ntfs kernel modules."

psst, keep it low!

plus making files undectable and making process undectable are 2 things. yeah you may also use encryption and make them look like the original one for both file and process. hehe! M$ itself gives High Encryption Pack to all, after Genuine user auth. :-p good luck. hehe.

psst, smooth!

the iron geeks have one or two basic entry level rootkitting technique videos.

later, hiding whistle blower.