Coffeehouse Post


View Thread: I've got a rootkit...
  • Bass wrote:

    That must be a pretty crappy rootkit if you could detect it without even switching operating systems.

    On the contrary. The way rootkit detectors work is they ask for the same information in about 100 different ways. If any of them disagree with the others then something is wrong. E.g. if you enumerate the files in a folder and see nothing, but do an NtQueryObject on the directory and discover that it contains 1 file, then something is amiss. The point is that rootkits can hook stuff, but unless they hook everything (which requires a lot of time, effort and Winternals knowledge) they're going to screw up and will get caught.

    Also AVs tend to look for heuristics as well as file signatures, so if an image gets mapped from disk but the file doesn't show up in a ZwOpenFile then something is wrong.
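The cross-view check the reply describes (ask the same question through several APIs and flag any disagreement), as an added example that is not code from this thread. The view names and the sample listings are constructed; on a real system each view would come from a different enumeration path, such as the directory listing versus the lower-level object query the post mentions.

```python
"""Cross-view detection: compare the same listing obtained several ways."""
from typing import Dict, Iterable, List, NamedTuple


class Discrepancy(NamedTuple):
    entry: str
    seen_in: List[str]       # views that reported the entry
    missing_from: List[str]  # views that did not


def cross_view_diff(views: Dict[str, Iterable[str]]) -> List[Discrepancy]:
    """Every entry reported by at least one view but omitted by another.

    Without a hook in the way, all views of one directory should agree,
    so any non-empty result is worth a closer look.
    """
    sets = {name: set(items) for name, items in views.items()}
    union = set().union(*sets.values())
    result = []
    for entry in sorted(union):
        seen = sorted(n for n, s in sets.items() if entry in s)
        missing = sorted(n for n, s in sets.items() if entry not in s)
        if missing:
            result.append(Discrepancy(entry, seen, missing))
    return result


def stable_discrepancies(first: List[Discrepancy],
                         second: List[Discrepancy]) -> List[Discrepancy]:
    """Keep only disagreements that repeat across two separate passes.

    A file created or deleted between two enumerations legitimately shows
    up in one view only; a hook that hides a file does so every time.
    """
    keys = {(d.entry, tuple(d.missing_from)) for d in first}
    return [d for d in second if (d.entry, tuple(d.missing_from)) in keys]


def suspicious_entries(pass1: Dict[str, Iterable[str]],
                       pass2: Dict[str, Iterable[str]]) -> List[Discrepancy]:
    return stable_discrepancies(cross_view_diff(pass1), cross_view_diff(pass2))


# Constructed sample (hypothetical view names): "dir_enum" never shows
# hidden.sys, while the two lower-level views always do. tmp.log was
# deleted between the views in pass 1, so it is transient noise.
PASS_1 = {"dir_enum": ["tmp.log"], "object_query": ["hidden.sys"],
          "raw_index": ["hidden.sys"]}
PASS_2 = {"dir_enum": [], "object_query": ["hidden.sys"],
          "raw_index": ["hidden.sys"]}

if __name__ == "__main__":
    for d in suspicious_entries(PASS_1, PASS_2):
        print(f"{d.entry}: seen by {d.seen_in}, hidden from {d.missing_from}")
```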