Full Version: Hidden processes, files, registry keys
Wai Wai
Hidden processes, files, registry keys

Before my questions, let's define what the word "hidden" means here.
It is meant to be something that is truly hidden and stealthy.
For processes, they won't show up in Windows Task Manager.
For files, they would not show up in Windows Explorer even if you select "show hidden files".

Questions:
1) What tools do you recommend which can view any truly hidden items on my computer, including but not limited to:
- processes
- files and folders
- registry keys

2) Why do you recommend these tools?

Thank you.
Walkman
There are many programs out there that you use that will do those things. The best thing to do is to do a search for those terms, and I'm sure you'll come up with a host of programs to choose from. There may be just one program to do all of those things, and there may be more than one program to do all of those things separately.

But some virus scan programs can do that, but you'd still have to compare the lists with the lists in your Task Manager to see what is hidden or not.

Also, put a "rootkit" revealer into your arsenal.

Moore
Hi Wai Wai

If you are referring to rootkits, then when you're dealing with kernel-mode rootkits there may be nothing that can fully detect them or their hidden processes and files, while running detection tools inside the operating system you suspect has those hidden files/folders.

A little info on rootkits:
http://www.bluetack.co.uk/forums/index.php?showtopic=8604

Here's a few tools that may be what you are looking for:
http://www.spywarewarrior.com/viewtopic.php?p=116213#116213

Most of the tools I like to use are all listed in this guide, and suit various situations for digging things up that may be hidden otherwise:
http://www.bluetack.co.uk/forums/index.php?showtopic=4138

The Sysinternals tools are very handy. GMER, IceSword, DarkSpy etc. also have their uses.

Running a search through directories in DOS can sometimes find things that don't show up normally, and the various rootkit tools are another way of digging stuff out.

Rootkit authors are always finding new ways to bypass those, so you can't rely on them 100%, and there is an ever increasing variety of rootkits being designed and modified.

I always try to keep a record of the system files and directories for comparison along the way; things like BB FileMap and Sentinel 2.0 can log new files that are introduced into the system on reboot/shutdown.

Using something like BartPE to search the system from outside the system itself would be another way to detect hidden processes/files:

http://www.nu2.nu/pebuilder/
http://www.ubcd4win.com/
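Two ideas in this thread are easy to put into a small script: Walkman's "compare the lists" approach (the same objects enumerated two different ways, with any name that appears in only one view flagged for a human to check) and Moore's habit of keeping a record of system files and directories to compare against later. The following is an added example, not a tool from the thread or any of the products named in it; the directory tree, file names and contents are constructed for the demo, and the hash-based inventory format is my own choice.

```python
"""Baseline-and-compare file inventory plus a cross-view list diff.
Added example (not from the thread). snapshot() records every file under a
directory as (size, SHA-256); diff_snapshots() reports files that appeared,
disappeared or changed since a saved baseline. cross_view_diff() compares two
listings of the same objects, e.g. process names obtained by two different
enumeration methods, and returns what each view shows that the other lacks.
Paths and sample contents below are constructed for the demo."""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def snapshot(root):
    """Return {relative_path: {"size": n, "sha256": hex}} for every file under root."""
    inventory = {}
    root = Path(root)
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = Path(dirpath) / name
            rel = full.relative_to(root).as_posix()   # same key on Windows and Unix
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            inventory[rel] = {"size": full.stat().st_size, "sha256": digest.hexdigest()}
    return inventory


def save_snapshot(inventory, path):
    """Persist the baseline as JSON (keep this copy off the machine being checked)."""
    Path(path).write_text(json.dumps(inventory, indent=1, sort_keys=True))


def load_snapshot(path):
    return json.loads(Path(path).read_text())


def diff_snapshots(old, new):
    """Return sorted lists (added, removed, changed) of relative paths."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    changed = sorted(p for p in set(old) & set(new)
                     if old[p]["sha256"] != new[p]["sha256"])
    return added, removed, changed


def cross_view_diff(view_a, view_b):
    """Items that only one of two enumerations reports.
    Returns (only_in_a, only_in_b); a non-empty result is a discrepancy worth
    investigating, not proof of a rootkit on its own."""
    a, b = set(view_a), set(view_b)
    return sorted(a - b), sorted(b - a)


def demo():
    """Build a constructed tree, take a baseline, alter the tree, and diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "system"
        (root / "drivers").mkdir(parents=True)
        (root / "drivers" / "ok.sys").write_bytes(b"driver v1")      # constructed
        (root / "config.ini").write_bytes(b"[main]\n")               # constructed
        baseline_file = Path(tmp) / "baseline.json"
        save_snapshot(snapshot(root), baseline_file)
        # Simulated changes between two boots: one new file, one modified, one gone.
        (root / "drivers" / "new.sys").write_bytes(b"unexpected driver")
        (root / "drivers" / "ok.sys").write_bytes(b"driver v2")
        (root / "config.ini").unlink()
        return diff_snapshots(load_snapshot(baseline_file), snapshot(root))


if __name__ == "__main__":
    added, removed, changed = demo()
    print("added:  ", added)
    print("removed:", removed)
    print("changed:", changed)
    # Constructed process views: one name seen by only one enumeration method.
    print(cross_view_diff(["svchost.exe", "explorer.exe"], ["svchost.exe"]))
```

The caveat from the thread still applies: a snapshot taken with the suspect operating system running sees only what that system's file APIs return. Taking the baseline and the later snapshot from a boot CD such as BartPE, with the suspect system's disk mounted but its kernel not running, is what makes a hidden file show up as "added" in the diff.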
Anti_Spyware
If you're looking for anti-rootkit software, you can try antirootkit.com. It has a big list of software. However, from personal experience, I warn you, before you install any of those programs, first back up everything on your computer, either with System Restore, or on a boot disk... or something... or you can even use a virtual machine like Virtual PC or VMware. Just make sure you have backups in a safe place and you can restore them no matter what happens.

I say this because I've tested some of those programs and have had BSODs and my comp crashed. Also I was unable to open My Computer... and... many other things... once I couldn't even see the screen... I had to go into safe mode... so yeah, just a precaution.

What Moore said about the Sysinternals stuff: for example, there's Filemon and Regmon, which basically flood you with lists of system activity unless you put in filters lol. But they are handy to view rootkits and such. Many other tools there can be useful as well if you know how to use them, which I generally do not, lol.
