I ran Avast trying to get rid of a nasty Trojan that makes my security center pop up every min saying I have spyware. It didn’t work, and now my control panel is gone out of the Start Menu. Please help! 
avast doesn’t remove anything without user input and first it must have detected something.
What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?
Check the avast! Log Viewer (right click the avast icon), Warning section, this contains information on all avast detections.
What you are seeing is rogue ware trying to convince you to visit a site or download a patch/software (probably at cost) to resolve the problem. I strongly doubt it has anything to do with the Security Center and control panel may have been disabled by malware.
A new tool RogueRemover, available here http://www.malwarebytes.org/rogueremover.php, download this and run it, then try one of the others below and report your findings.
If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode.
If using winXP AVG anti-spyware (formerly Ewido). Or SUPERantispyware Or Spyware Terminator.
Again, heatherliis disappeared…
It’s sad when someone asks for help and does not turn back…
Oh, I’m here. I didn’t know anyone replied. Sorry about that. It’s my friend that this happened to, not me. I should of specified. He’s really technically challenged. When he ran the scan, it said it could not repair and asked him to delete all or move to chest. I told him delete all because I was thinking they were just viruses, not system files. But there were a few files that asked him if he was sure, and I told him to move to chest. I don’t know how many of those files he did move. I’ll tell him to come here. He might need special help because he doesn’t know jack about computers. I don’t think he knows how to move the files back from the chest either. I use a Mac, so I’m useless to him. I don’t think he’ll know what safe mode is. Heck, I don’t even know what that is because I use a Mac.
Thanks for all your help,
Heather
It’s always safer send to Chest before deleting.
SafeMode info (repeatedly press F8 while booting).
Heather, maybe your friend should call a technician to fix the computer…
Control Panel is in C:/Windows/System32 as control.exe:
http://donaldbroatch.users.btopenworld.com/control.png
Is control.exe where it should be? What happens when you click on it?
Have you got ‘Display control pane as a link/menu’ enabled? (Right click on Start>Properties>Start Menu>Customize>Advanced
http://donaldbroatch.users.btopenworld.com/customizestart.png
He told me that when he tries to mess with Properties he always gets this message “This operation has been cancelled due to restriction in effect on this computer. Please contact your system administrator.”
Same with anything he clicks on in the Start Menu. I wonder if something happened to his administrative setup. Also if one of you could please contact me via email, I can give you his email address. His internet connection is really bad lately so it’s hard for him to come on here. He might be able to clarify things better than I can.
Thank you so much,
Heather
Try a scan with Spybot Search & Destroy: it can detect and remove some changes to the registry made by malware to disable certain features of Windows.
I’ll go tell him that. Also, I was wrong. It’s not everything in his start menu that is giving him that message. It only the add/remove programs, default settings that don’t work. And his logitech option on his start menu is gone too.
Thank you so much. He’s majorly stressed. Spybot won’t delete anything, will it?
Thanks,
Heather
It will… but it’s a safe application that will try to ‘correct’ the changes that the virus made.
Does he need to disable Avast and any other anti-virus/anti spyware programs he has in order to run Spybot correctly?
Thanks,
Heather
No.
One more question (I hope I’m not annoying you guys), if what you said to do doesn’t work, would it be a good idea for me to send over my control.exe file from my Windows XP (I have it at home on my MacBook Pro). Or would he even be able to use it. It sounds like his administer settings are screwed up to me, not his actual control panel. What’s weird is that none of this happened until after avast was run. Does malware do that once you try to get rid of viruses?
Thanks,
Heather
It won’t harm…
Also, he can use the command SFC to restore the original Windows files. See Windows Help files.
You’re right… things do not smell good.
Heather, avast could have ‘detected’ the problem that was already there…
Thanks. When he gets on, I’ll tell him to try that. If he restores his original files, will it mess up the programs he has on his computer? Will he have to re-install things? I don’t know if he has his disks anymore since he moved. I just want to make sure that restoring his original Windows files doesn’t create a whole other problem.
Thanks,
Heather
No, he needs the original Windows XP CD and will restore only system files.
No, it’s a repair procedure, not an uninstaller.
Without the disks, no way.
It shouldn’t create any problem, not one I’m aware of. Of course, something could be wrong, but if you don’t want to cure (solve) the problem, you won’t test any way, you won’t move, you’ll stay with all the problems…
I’m just covering all my bases before I tell him to do anything. 
I’ll go have him do the spybot scan. He should be on in a couple hours hopefully. I wonder if Microsoft has the system restore files on their site somewhere. Or if he could borrow my disk. Does it matter if it’s from another serial number? Maybe I’ll make him a copy of my disk (if it’ll let me) so if he ever needs to restore his files again, he’ll have them. Otherwise, he might have to spend a lot of money getting a repair guy or get a new computer. And that’s going to suck if he can’t find any of his program disks for photoshop, etc. His CDrom drive is broken too. It stopped working after a friend of his messed with his Windows trying to get rid of spyware/viruses a couple years ago. And now it won’t let him update or anything. It keeps saying his copy isn’t legit even though it is.
I never heard about this… I don’t think it exist.
I’m not sure… but, maybe. You can test.
Well… things are becoming difficult… maybe the technician would be faster and safer, maybe buying a new computer or fix the fail hardware before…
So, if it’s legit… he must have the disks and maybe could start all over again…
He finally got his internet up so he could update spybot and run a scan. It got rid of a bunch of things, but he still has the same problems with not being able to modify his computer and that dang spyware alert keeps coming up. He tried to logout and login as the system administrator, but couldn’t figure out how to do that. It only shows his normal login and no option for that. He had a repair guy come last week to do an estimate and that guy could do it. Is there a certain thing you need to do to login as the system administrator? My friend just chose logout when he went to shutdown and that didn’t work. He’s thinking if he can login as the administrator that he can change the settings for his regular login. I also told him to try to update avast and do another scan, but he doesn’t trust it now. He still thinks avast caused the problem he has with his control panel and adjusting the properties. 
I was doing a search on his problem with the control panel, etc. and someone said that spybot made their computer do that from some settings in advanced mode:
"
after seeing your posts (and finally twigging onto the idea of what i had done) I opened Spybot search & destroy and went to
“TOOLS”
then
“IE TWEAKS”
(both available in the program’s advanced mode)
and unchecked the 3 options of locking the host file…, locking the start page…, and locking the control panel…
all’s fine now. "
Does avast have an option like that too? Maybe that’s why it did that to my friend after he ran avast. Maybe he just needs to mess with the settings. Is there a setting for that?