I'm not sure if this last part is a new, stronger version of PSGuard or what, but it appears to involve a kernel mode driver and at least one user mode component that are installed and can not be removed using registry editor. They are using tricks that have been described by Mark Russinovish over at www.sysinternals.com for years to hide registry keys from the win32 api. Mark made a utility called rootkit detector that detects a few of these keys, but apparently will not remove them.
I have searched high and low and I can not find a utility that can reach these hidden registry keys. Does anything like this exist?