After my post yesterday on SysInternals and listening to the RootKit episode of Security Now, I decided to give RootkitRevealer a whirl on my system. It turned up a slab of hidden registry class ID keys underneath HKLM\SOFTWARE\Classes\CLSID:
I was mildly worried and spent a bit of time tracking down these keys. I think I can say pretty definitely what they're for now; it's Pinnacle Studio 9 hiding their registration keys. Irritatingly, Studio doesn't handle logging in as a non-admin properly, either - every time I start it I have to click the little message that says "Don't show this screen again".