# [SOLVED] Lost admin rights on Windows 7



## jvdm (Sep 6, 2010)

Hello,

I have a notebook with Windows 7 Home Premium. I have only 1 account on it, with admin rights. But somehow a couple of days ago I lost my admin rights (even though the account still shows as an admin). Things that changed are:
- Can't start cmd
- Can't start regedit
- When I press ctrl+alt+del there's no more option to open the task manager
- Firefox saved passwords are gone when I reboot
- I get the following error on startup (I translated it to English from Dutch):


> Microsoft .NET Framework
> 
> There is an unprocessed exception in the program. If you press "Continue", de error will be ignored and the progam will continue. If you press "Quit", the program will be shut down immediately.
> 
> ...


I didn't translate the rest of the message, but here it is:

```
************** Tekst van uitzondering **************
System.UnauthorizedAccessException: Toegang tot de registersleutel HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System is geweigerd.
   bij Microsoft.Win32.RegistryKey.Win32Error(Int32 errorCode, String str)
   bij Microsoft.Win32.RegistryKey.CreateSubKey(String subkey, RegistryKeyPermissionCheck permissionCheck, RegistrySecurity registrySecurity)
   bij Microsoft.Win32.Registry.SetValue(String keyName, String valueName, Object value, RegistryValueKind valueKind)
   bij Microsoft.VisualBasic.MyServices.RegistryProxy.SetValue(String keyName, String valueName, Object value, RegistryValueKind valueKind)
   bij stub.Form1.Form1_Load(Object sender, EventArgs e)
   bij System.EventHandler.Invoke(Object sender, EventArgs e)
   bij System.Windows.Forms.Form.OnLoad(EventArgs e)
   bij System.Windows.Forms.Control.CreateControl(Boolean fIgnoreVisible)
   bij System.Windows.Forms.Control.CreateControl()
   bij System.Windows.Forms.Control.WmShowWindow(Message& m)
   bij System.Windows.Forms.Control.WndProc(Message& m)
   bij System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
   bij System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)


************** Geladen assembly's **************
mscorlib
    Assembly-versie: 2.0.0.0
    Win32-versie: 2.0.50727.4952 (win7RTMGDR.050727-4900)
    CodeBase: file:///C:/Windows/Microsoft.NET/Framework64/v2.0.50727/mscorlib.dll
----------------------------------------
stub
    Assembly-versie: 2.0.0.2
    Win32-versie: 2.0.0.002
    CodeBase: file:///C:/Users/Jasper/AppData/Local/Temp/Server.exe
----------------------------------------
Microsoft.VisualBasic
    Assembly-versie: 8.0.0.0
    Win32-versie: 8.0.50727.4927 (NetFXspW7.050727-4900)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/Microsoft.VisualBasic/8.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualBasic.dll
----------------------------------------
System
    Assembly-versie: 2.0.0.0
    Win32-versie: 2.0.50727.4927 (NetFXspW7.050727-4900)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System/2.0.0.0__b77a5c561934e089/System.dll
----------------------------------------
System.Windows.Forms
    Assembly-versie: 2.0.0.0
    Win32-versie: 2.0.50727.4927 (NetFXspW7.050727-4900)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Windows.Forms/2.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
----------------------------------------
System.Drawing
    Assembly-versie: 2.0.0.0
    Win32-versie: 2.0.50727.4927 (NetFXspW7.050727-4900)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Drawing/2.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
----------------------------------------
System.Runtime.Remoting
    Assembly-versie: 2.0.0.0
    Win32-versie: 2.0.50727.4927 (NetFXspW7.050727-4900)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Runtime.Remoting/2.0.0.0__b77a5c561934e089/System.Runtime.Remoting.dll
----------------------------------------
mscorlib.resources
    Assembly-versie: 2.0.0.0
    Win32-versie: 2.0.50727.4952 (win7RTMGDR.050727-4900)
    CodeBase: file:///C:/Windows/Microsoft.NET/Framework64/v2.0.50727/mscorlib.dll
----------------------------------------
Microsoft.VisualBasic.resources
    Assembly-versie: 8.0.0.0
    Win32-versie: 8.0.50727.4927 (NetFXspW7.050727-4900)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/Microsoft.VisualBasic.resources/8.0.0.0_nl_b03f5f7f11d50a3a/Microsoft.VisualBasic.resources.dll
----------------------------------------
System.Windows.Forms.resources
    Assembly-versie: 2.0.0.0
    Win32-versie: 2.0.50727.4927 (NetFXspW7.050727-4900)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Windows.Forms.resources/2.0.0.0_nl_b77a5c561934e089/System.Windows.Forms.resources.dll
----------------------------------------

************** JIT-foutopsporing **************
Als u JIT-foutopsporing wilt inschakelen, moet in het configuratiebestand voor deze
toepassing of computer (machine.config) de waarde
jitDebugging in het gedeelte system.windows.forms zijn ingesteld.
De toepassing moet ook zijn gecompileerd terwijl foutopsporing
was ingeschakeld.

Bijvoorbeeld:

<configuration>
    <system.windows.forms jitDebugging="true" />
</configuration>

Wanneer JIT-foutopsporing is ingeschakeld, worden onverwerkte uitzonderingen
naar het JIT-foutopsporingsprogramma gestuurd dat op de computer is geregistreerd
en worden niet door dit dialoogvenster verwerkt.
```
I found the topic http://www.techsupportforum.com/f217/admin-rights-lost-on-windows-7-a-472733.html in which they say to use gpedit.msc, but I can't do that because I have Home Premium.

Can anyone help me?
Thank you very much.


----------



## jcgriff2 (Sep 30, 2007)

*Re: Lost admin rights on Windows 7*

Boot into Recovery using Windows DVD or the Recovery partition and run Windows System Restore -- choose a restore point prior to the trouble occurring.

Regards. . .

jcgriff2

`


----------



## jvdm (Sep 6, 2010)

*Re: Lost admin rights on Windows 7*



jcgriff2 said:


> Boot into Recovery using Windows DVD or the Recovery partition and run Windows System Restore -- choose a restore point prior to the trouble occurring.
> 
> Regards. . .
> 
> ...


I can run System Restore when Windows is in normal mode, but it says I don't have any restore points..


----------



## salathielofhale (Aug 4, 2010)

*Re: Lost admin rights on Windows 7*

did you try running it in safe mode and then going to the registry to fix it? There should only be the Default value. If theres anything else i recommend deleting it because thats whats holding your system back.


----------



## jvdm (Sep 6, 2010)

*Re: Lost admin rights on Windows 7*



salathielofhale said:


> did you try running it in safe mode and then going to the registry to fix it? There should only be the Default value. If theres anything else i recommend deleting it because thats whats holding your system back.


What do you exactly suggest I do in regedit? Change the value of / delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System ?


----------



## jcgriff2 (Sep 30, 2007)

*Re: Lost admin rights on Windows 7*



jcgriff2 said:


> Boot into Recovery using Windows DVD or the Recovery partition and run Windows System Restore -- choose a restore point prior to the trouble occurring.
> 
> Regards. . .
> 
> ...


Boot into Recovery and see if there are system restore point available to you there.

Regards. . .

jcgriff2

`


----------



## jenae (Jun 17, 2008)

*Re: Lost admin rights on Windows 7*

Hi, please do not delete anything in the registry, and certainly not without a backup, it is possible your permissions to this key have become corrupted. Before we do anything, lets see what the key has. 

Open a CMD prompt as admin and copy paste this, post the resultant notepad file here:-


```
regedit /e C:\Note.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\system" & start notepad C:\note.txt
```


----------



## jvdm (Sep 6, 2010)

*Re: Lost admin rights on Windows 7*



jcgriff2 said:


> Boot into Recovery and see if there are system restore point available to you there.
> 
> Regards. . .
> 
> ...


I just tried that, it still says I have no restore points.



jenae said:


> Hi, please do not delete anything in the registry, and certainly not without a backup, it is possible your permissions to this key have become corrupted. Before we do anything, lets see what the key has.
> 
> Open a CMD prompt as admin and copy paste this, post the resultant notepad file here:-
> 
> ...


The problem is, I can't start cmd. It says that it has been turned off by the system administrator. Even in safe mode it says that. The only way I found to get to cmd is to use Recovery mode. Should I try that line on there?


----------



## jcgriff2 (Sep 30, 2007)

*Re: Lost admin rights on Windows 7*

Did you try "System Repair" from recovery?

Did you turn system restore OFF?


----------



## jvdm (Sep 6, 2010)

*Re: Lost admin rights on Windows 7*

Guys thanks for all your help but my problem is solved now! I got the feeling some trojan/virus was involved because when I pressed alt-tab I saw something like hijack and somehow PasswordFox gave an error, while I never downloaded/installed PasswordFox. So I ran Malwarebytes' Anti-Malware and Avast Free. They both found some stuff. After a reboot everything is fine! I can start cmd, regedit and the task manager again.

So thank you all for your help 

*Edit*
For the people who are interested, here's the Malwarebytes log:

```
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Databaseversie: 4052

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7-9-2010 14:49:49
mbam-log-2010-09-07 (14-49-49).txt

Scantype: Snelle scan
Objecten gescand: 124522
Verstreken tijd: 7 minuut/minuten, 26 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 1
Registerwaarden geïnfecteerd: 4
Registerdata geïnfecteerd: 3
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 5

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0i17u06j-m4t5-3v72-5ub7-wo7b68v58w7u} (Generic.Bot.H) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hklm (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.Bot) -> Quarantined and deleted successfully.

Registerdata geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System\DisableCMD (Hijack.CMDPrompt) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
C:\Windows\System32\explorer.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
C:\Users\Jasper\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Users\Jasper\AppData\Local\Temp\mspass.exe (HackTool.Agent) -> Quarantined and deleted successfully.
C:\Users\Jasper\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Jasper\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.
```


----------

