I use both AppDefend and RegDefend. When I installed the Microsoft User Profile Cleanup Service (version 1.6d), AppDefend did not notify me that a "rootkit driver" was being installed. However, when I ran RootKit Hook Analyzer, it showed a "rootkit driver" associated with the UPHClean service (named uphclean.sys). I am not worried about UPHClean actually being a rootkit. I am wondering why AppDefend did not seem to have caught this driver, or what else may have happened.