Like the title says, I need help with viewing hidden registry entries that are not normally accessible through the default Windows regedit.
To start off, my friend's son tried downloading a free game but was instead blasted with a Trojan.VBS.Autorun.ag, along with Trojan.Downloader.Generic, and some other various adware. There were no security warnings, popups, or indication of infection. The only reason I knew to look for something was because his son called me over to check out the other game he was playing. When he was done, he was on YouTube and I noticed an online support tab in his browser, which was a huge adware red flag.
I found a few viruses and removed them, but after searching more, I realized the same virus was reappearing in different locations in the temp dir. Sometimes in the Temp, others in temp\is-H8O4M.tmp (this is actually a folder, not a .tmp file). The folder contained another copy of c11w.exe and cuii.exe; both are Trojan.VBS.Autorun.ag.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run to see what reg entries were in the key. Well, there were absolutely no entries in here at all. Not even legit application entries. So my guess is the entries are being hidden from regedit.
My question is: What tools are useful for either extracting hidden keys and entries for later examination, or for opening the registry in such a way that the keys can be displayed? Are there any programs out there that can help me? Also, if I escalate privileges to system level when opening regedit, will that help? Any push in the right direction is appreciated. Thanks in advance.