I honestly don't know if a registry backup will do the trick, from what I remember about those guys, everything they did was custom and they wrote all their own shit and were pretty badass about it. Hell if the hacker was good enough he may have found a way to infect the computer without triggering any alarms. I would suggest getting a network monitor of sorts and when you connect to the net, so what your upload/download volume jumps to