How can a rootkit bypass Windows 7 operating system’s kernel mode, code signing policy?

A.
Defeating the scanner from detecting any code change at the kernel

B.
Replacing patch system calls with its own version that hides the rootkit (attacker’s) actions

C.
Performing common services for the application process and replacing real applications with
fake ones

D.
Attaching itself to the master boot record in a hard drive and changing the machine’s boot
sequence/options