rootkit revealer

11 Posts
6 Users
0 Reactions
994 Views
(@bjgleas)
Estimable Member
Joined: 21 years ago
Posts: 114
 

Understood, but we're not even sure that there IS a rootkit on the system… simply running the tool and saying "…and there came 100s from running…" doesn't mean that there's a rootkit at all.

Agreed… Bithead recommended running other rootkit tests (and you mentioned the possibility of false positives as well), but it's been 11 days or so, and the OP hasn't come back with any additional details or clarifications.

so if you can locate them, either through live or post-mortem analysis, you can then disable the persistence mechanism and remove the driver, allowing you to complete any live analysis that you need to.

True as well, but possibly beyond the skill level of many. I still remember reading Mark Russinovich's blog entries on the Sony rootkit, and all the problems (fun?) he had with that. And that's the guy who wrote the book on Windows, as well as RootkitRevealer itself…
