BleepingComputer.com: Unhide.exe didn't work!

Hi. I'm suffering from similar problems with unhide.exe.
I just managed to take off both the Win7Recovery virus AND a TDSS virus. However, almost all of the links/shortcuts in Start-->All Programs are not visible (ie: showing (empty)). I am able to view documents, and open them, but can't find the programs anywhere (like Word, Excel, etc). I ran SystemLook as has been suggested and get the log below. Please help!

SystemLook 04.09.10 by jpshortstuff
Log created at 17:01 on 23/06/2011 by Nisha
Administrator - Elevation successful

========== dir ==========

C:\Users\Nisha\AppData\Local\Temp\smtmp - Parameters: "/s"

---Files---
None found.

C:\Users\Nisha\AppData\Local\Temp\smtmp\1 d------ [20:05 22/06/2011]

C:\Users\Nisha\AppData\Local\Temp\smtmp\1\Programs d------ [20:05 22/06/2011]

C:\Users\Nisha\AppData\Local\Temp\smtmp\1\Programs\CCleaner d------ [20:05 22/06/2011]

C:\Users\Nisha\AppData\Local\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware d------ [20:05 22/06/2011]

-= EOF =-

You need to create your own topic.

This post has been edited by Broni: 23 June 2011 - 04:36 PM

Hi - hope you can help me, I have had the same problem (black desktop, all files/folders 'disappeared') so I used your brilliant unhide which restored all but one folder. Any chance you could help me ? This is my System Look for it. I have tried taking ownership and unhiding folders etc but it doesn't seem to want to 'restore' this last folder. I would REALLY appreciate your help. Many thanks in advance.

SystemLook 30.07.11 by jpshortstuff
Log created at 20:39 on 27/09/2011 by Sue
Administrator - Elevation successful

========== dir ==========

C:\ProgramData\application data\sage - Parameters: "/s"

---Files---
None found.

C:\ProgramData\application data\sage\Sage EBanking d------ [16:52 04/05/2010]

-= EOF =-

You need to create your own topic.

Thanks - I just did that in case I had to anyway

Basically I had the same problem. Someone had the system restore virus, and I cleaned it out. Everything seemed to work fine. A couple weeks later they complained of things being slow. I didn't really notice any slowness until trying to go online and IE was not working. Tried to update it to the latest version since I saw no repair option but could not dowload a needed update. I install firefox and after a couple restarts it work. So, I finally decided to download all the priority updates from Windows Update. Everything seemed to work fine then all the sudden the system restore virus was back.

This time after cleaning the virus there was nothing on the desktop, start menu, or quick launch except a dead system restore shortcut. Of course I had to unhide folders originally or set it to show hidden and system files to even be able to run Malwarebytes. I ran a 2nd scan but this time a full scan and it found 2 more infections, but the only thing that came back was the desktop and 3 folders on the start menu. I don't think these are even common folders. These are probably some things specific to it being a Dell and the startup folder. THe only reason I could even see the desktop was because hidden files were now being shown.

This is a Dell with Win7-64 Home Premium. Neither version of unhide.exe works. Either either says the program can't be run or it stopped working. I don't guess there needs to be a 64 bit version. I am able to find the olders using SystemLook. The original post about the Start Menu being in C:\Program Data\ Start Menu does seem to be true for any of my Win7 systems. I will just paste the folders into the path I found for the few start menu folders that do show up. I think post that showed the path to be in the roaming folder is the path I was seeing as well.
______________________________________________
update

I actually checked one of my other systems and found the start menu path to be

C:\ProgramData\Microsoft\Windows\Start Menu\Programs

so I guess the post was partially correct. This folder was simply hidden so I just changed the attribute

This post has been edited by Sonic98: 02 November 2011 - 10:36 AM

Broni, on 05 June 2011 - 05:19 PM, said:

Yeah the system I am fixing is no longer showing these links. I'm not really sure what I can do because I don't really remember which links they were previously showing, but I guess I will ser it to to show most of the common ones

Broni, on 05 June 2011 - 04:20 PM, said:

I am missing the pinned links as well. I cannot seem to find the old shortchuts anywhere on the computer. Right now other than folders the only thing I see under "All Programs" is IE and Secuna PSI

This post has been edited by Sonic98: 02 November 2011 - 10:49 AM

You need to create your own topic.

SystemLook 30.07.11 by jpshortstuff
Log created at 00:02 on 07/11/2011 by Jeremiah
Administrator - Elevation successful

========== dir ==========

C:\Users\Jeremiah\AppData\Local\Temp\smtmp - Parameters: "/s"

---Files---
None found.

C:\Users\Jeremiah\AppData\Local\Temp\smtmp\1 d------ [06:28 06/11/2011]

C:\Users\Jeremiah\AppData\Local\Temp\smtmp\1\Programs d------ [06:28 06/11/2011]

C:\Users\Jeremiah\AppData\Local\Temp\smtmp\1\Programs\Accessories d------ [06:28 06/11/2011]

C:\Users\Jeremiah\AppData\Local\Temp\smtmp\1\Programs\Accessories\Accessibility d------ [06:28 06/11/2011]

C:\Users\Jeremiah\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools d------ [06:28 06/11/2011]

C:\Users\Jeremiah\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell d------ [06:28 06/11/2011]

C:\Users\Jeremiah\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools d------ [06:28 06/11/2011]

C:\Users\Jeremiah\AppData\Local\Temp\smtmp\1\Programs\Avira d------ [06:28 06/11/2011]

C:\Users\Jeremiah\AppData\Local\Temp\smtmp\1\Programs\Avira\AntiVir Desktop d------ [06:28 06/11/2011]

C:\Users\Jeremiah\AppData\Local\Temp\smtmp\1\Programs\BearShare d------ [06:28 06/11/2011]

C:\Users\Jeremiah\AppData\Local\Temp\smtmp\1\Programs\CyberLink DVD Suite d------ [06:28 06/11/2011]

C:\Users\Jeremiah\AppData\Local\Temp\smtmp\1\Programs\CyberLink YouCam d------ [06:28 06/11/2011]

C:\Users\Jeremiah\AppData\Local\Temp\smtmp\1\Programs\DVD Flick d------ [06:28 06/11/2011]

C:\Users\Jeremiah\AppData\Local\Temp\smtmp\1\Programs\DVD Flick\Help and Support d------ [06:28 06/11/2011]

C:\Users\Jeremiah\AppData\Local\Temp\smtmp\1\Programs\DVDVideoSoft d------ [06:28 06/11/2011]

C:\Users\Jeremiah\AppData\Local\Temp\smtmp\1\Programs\DVDVideoSoft\Programs d------ [06:28 06/11/2011]

C:\Users\Jeremiah\AppData\Local\Temp\smtmp\1\Programs\Energy Star d------ [06:28 06/11/2011]

C:\Users\Jeremiah\AppData\Local\Temp\smtmp\1\Programs\Games d------ [06:28 06/11/2011]

C:\Users\Jeremiah\AppData\Local\Temp\smtmp\1\Programs\Google Chrome d------ [06:28 06/11/2011]

C:\Users\Jeremiah\AppData\Local\Temp\smtmp\1\Programs\HP d------ [06:28 06/11/2011]

C:\Users\Jeremiah\AppData\Local\Temp\smtmp\1\Programs\Intel d------ [06:28 06/11/2011]

C:\Users\Jeremiah\AppData\Local\Temp\smtmp\1\Programs\Intel\Intel® Management Engine Components d------ [06:28 06/11/2011]

C:\Users\Jeremiah\AppData\Local\Temp\smtmp\1\Programs\K-NFB Reading Technology d------ [06:28 06/11/2011]

C:\Users\Jeremiah\AppData\Local\Temp\smtmp\1\Programs\LightScribe Direct Disc Labeling d------ [06:28 06/11/2011]

C:\Users\Jeremiah\AppData\Local\Temp\smtmp\1\Programs\Maintenance d------ [06:28 06/11/2011]

C:\Users\Jeremiah\AppData\Local\Temp\smtmp\1\Programs\Media & Games d------ [06:28 06/11/2011]

C:\Users\Jeremiah\AppData\Local\Temp\smtmp\1\Programs\Microsoft Games for Windows Marketplace d------ [06:28 06/11/2011]

C:\Users\Jeremiah\AppData\Local\Temp\smtmp\1\Programs\Microsoft Mouse d------ [06:28 06/11/2011]

C:\Users\Jeremiah\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office d------ [06:28 06/11/2011]

C:\Users\Jeremiah\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office 2010 Tools d------ [06:28 06/11/2011]

C:\Users\Jeremiah\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools d------ [06:28 06/11/2011]

C:\Users\Jeremiah\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office Home and Student (English) d------ [06:28 06/11/2011]

C:\Users\Jeremiah\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office Home and Student (English)\Microsoft Office 2010 Tools d------ [06:28 06/11/2011]

C:\Users\Jeremiah\AppData\Local\Temp\smtmp\1\Programs\Microsoft Silverlight d------ [06:28 06/11/2011]

C:\Users\Jeremiah\AppData\Local\Temp\smtmp\1\Programs\Online Services d------ [06:28 06/11/2011]

C:\Users\Jeremiah\AppData\Local\Temp\smtmp\1\Programs\Recovery Manager d------ [06:28 06/11/2011]

C:\Users\Jeremiah\AppData\Local\Temp\smtmp\1\Programs\Roxio d------ [06:28 06/11/2011]

C:\Users\Jeremiah\AppData\Local\Temp\smtmp\1\Programs\Roxio\RoxioNow d------ [06:28 06/11/2011]

C:\Users\Jeremiah\AppData\Local\Temp\smtmp\1\Programs\Skype d------ [06:28 06/11/2011]

C:\Users\Jeremiah\AppData\Local\Temp\smtmp\1\Programs\Startup d------ [06:28 06/11/2011]

C:\Users\Jeremiah\AppData\Local\Temp\smtmp\1\Programs\Theft Protection d------ [06:28 06/11/2011]

C:\Users\Jeremiah\AppData\Local\Temp\smtmp\1\Programs\Windows Live d------ [06:28 06/11/2011]

C:\Users\Jeremiah\AppData\Local\Temp\smtmp\1\Programs\WinZip d------ [06:28 06/11/2011]

C:\Users\Jeremiah\AppData\Local\Temp\smtmp\4 d------ [06:28 06/11/2011]

-= EOF =-

You need to create your own topic.