How can a rootkit bypass Windows 7 operating system’s kernel mode, code signing policy?

Defeating the scanner from detecting any code change at the kernel

Replacing patch system calls with its own version that hides the rootkit (attacker's) actions

Performing common services for the application process and replacing real applications with fake ones

Attaching itself to the master boot record in a hard drive and changing the machine's boot sequence/options