01-19-2009 02:46 PM
Norton keeps detecting this file in my windows/system32/driver directory. It deletes it every time it detects it. The thing is, whenever I access any of my hard drives, the same window from Norton keeps popping up (saying that it has found a virus...and has deleted klif.sys). I have Norton Internet Security 2006. I have all the updates and have done a full scan, but no viruses are found. Any suggestions on how to get rid of it? I also have Trend Micro antispyware installed. Both of them came with the Sony laptop.
Thanks
01-19-2009 03:12 PM
klif.sys is a driver file that belongs to the Kaspersky range of products, and seems most likely to be an anti-rootkit scanner. It is located in the folder C:\Windows\System32\drivers or sometimes in a subfolder of C:\Windows\System32. If you had Kaspersky Internet Security Suite earlier, you either have it still installed or remnants are left of it. Since it is a part of the anti-rootkit scanner of Kaspersky, Norton may be identifying it as a threat related to a rootkit. You should go to their web site (www.kasperskylabs.com) and download the Removal Tool for their products (here is the link http://support.kaspersky.com/faq/?qid=208279463). When you download the tool, save it to your desktop. Follow the instructions on the web page; these will explain how to remove their products' leftover files even if you do not have the entire product installed any longer.
klif.sys can also be a variant of the threat "Hacktool.Rootkit". You can upgrade your current NIS 2006 to NIS 2009 and run a scan using it.
1. Download the Norton Internet Security 2009 from this LINK, don't install it now.
2. Go to your Norton Account using this LINK and note down the product key of NIS 2006.
3. Download and run Norton Removal Tool from this LINK. This is to remove the Norton 2006 program.
4. Now install Norton 2009 and activate it using the same Product key from your Norton Account.
5. Run a LiveUpdate, and then Full System Scan.
Let us know the results.
Yogesh
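As an added example (not part of the original reply, and not Symantec or Kaspersky code), this PowerShell function gathers the facts that separate the two cases described above: a leftover Kaspersky driver versus a rootkit using the same file name. The function name, the "Kaspersky" signer substring and the service name derived from the file name are assumptions.

```powershell
# Added example: triage a driver file that claims to be Kaspersky's klif.sys.
# Assumptions (not from the thread): a genuine copy carries a valid Authenticode
# signature whose signer subject contains "Kaspersky", and the driver service
# is registered under the file's base name.
function Get-DriverTriage {
    param(
        [string]$Name = 'klif.sys',
        [string]$ExpectedSigner = 'Kaspersky'   # assumed signer substring
    )
    $root = Join-Path $env:SystemRoot 'System32'
    $base = [IO.Path]::GetFileNameWithoutExtension($Name)

    # The file may sit in drivers or in another System32 subfolder, so recurse.
    $files = Get-ChildItem -Path $root -Filter $Name -Recurse -Force -ErrorAction SilentlyContinue
    foreach ($f in $files) {
        $sig = Get-AuthenticodeSignature -FilePath $f.FullName
        $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

        # Is a kernel driver service registered for it, and from which path?
        $svc = Get-CimInstance Win32_SystemDriver -Filter "Name='$base'" -ErrorAction SilentlyContinue

        # The verdict rests on the signature only; version-info strings are
        # reported for context but anyone can set them.
        $trusted = ($sig.Status -eq 'Valid') -and ($subject -like "*$ExpectedSigner*")

        [pscustomobject]@{
            Path            = $f.FullName
            Created         = $f.CreationTime
            Company         = $f.VersionInfo.CompanyName
            SignatureStatus = $sig.Status
            Signer          = $subject
            SHA256          = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
            ServiceState    = if ($svc) { $svc.State } else { 'not registered' }
            ServicePath     = if ($svc) { $svc.PathName } else { $null }
            Verdict         = if ($trusted) { 'signed by expected vendor' }
                              else { 'unverified: treat as suspect' }
        }
    }
}

Get-DriverTriage | Format-List
```

A file that reappears after every deletion, is unsigned, or is loaded from a path outside the vendor's install points to the rootkit case rather than leftovers. A kernel-mode rootkit can alter what a running system reports, so a clean result here does not replace an offline or boot-time scan.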
01-19-2009 09:47 PM
01-19-2009 10:40 PM
Couldn't find how to register product, so I didn't use NIS09. I never had kap so it couldn't be from that. It was a hacktool.rootkit for sure though. I got rid of it using another product. No more pop-ups from Norton when I access my drives. Not gonna mention it here since it's not Norton.
Thanks for the suggestions anyways.
