A customer of mine brought in a Vista computer with the empty Startup folders, etc... I quickly located the smtmp in the user temp folder. It contained smtmp 1, 2, and 4. It did not contain smtmp 3.
However, smtmp 2 and 4 were both empty and smtmp 1 contained only folders. All the right folders were there but they were empty. I ran Unhide twice. MalwareBytes removed several malwares. But, I still could not locate the contents of the individual folders.
Is it possible that one virus rewrote the smtmps after everything was already hidden?
One more thing to add here. This customer signed up for a program called Swag Bucks that claims to pay you for surfing the web. The CouponsBar was installed at the same time. I had to uninstall CouponsBar twice as it quickly returned the first time.
I painstakingly rebuilt most of the shortcuts or copied them from their other computer. But I would like to know if there was another way. I do not have any attachments to include as they needed the computer back quickly to run their business accounting.