Okay. When I have some time I'll rootkit a VM and see what that program spots, then probably start another thread in the security section.
It would be good to see what it actually does. If it's just monitoring IATs of processes and their calls to Windows APIs through their IAT, it'll be none the wiser from a decent rootkit; the rootkit will rewrite the destination of the call in RAM and then redirect to the original API.
If the rootkit is playing games in ring 0 with the IDT, SSDT and copying its own handlers to DLLs, you're probably hosed whichever way.
EDIT: Just to be clear, I don't recommend anyone do what I'm going to on a real machine. Dynamic analysis of nasty files does involve running them, which means all your bases will belong to the nastiness maker.
These programs are useful to watch things that aren't trying hard to hide themselves; you can get a good idea of their behaviour for sure. I use Process Monitor quite a bit when reverse engineering Windows binaries to get a high level view of what a program is doing.
Probably a bit late but you may have found https://www.coursera.org/course/malsoftware interesting.