Go Back   Tech Support Forum > Microsoft Support > Windows 7 Support, Windows Vista Support

[SOLVED] Lost admin rights on Windows 7

This is a discussion on [SOLVED] Lost admin rights on Windows 7 within the Windows 7 Support, Windows Vista Support forums, part of the Tech Support Forum category. Hello, I have a notebook with Windows 7 Home Premium. I have only 1 account on it, with admin rights.


Closed Thread
 
Thread Tools Search this Thread
Old 09-06-2010, 03:21 AM   #1
Registered Member
 
Join Date: Sep 2010
Posts: 5
OS: Windows 7 Home Premium



Hello,

I have a notebook with Windows 7 Home Premium. I have only 1 account on it, with admin rights. But somehow a couple of days ago I lost my admin rights (even though the account still shows as an admin). Things that changed are:
- Can't start cmd
- Can't start regedit
- When I press ctrl+alt+del there's no more option to open the task manager
- Firefox saved passwords are gone when I reboot
- I get the following error on startup (I translated it to English from Dutch):
Quote:
Microsoft .NET Framework

There is an unprocessed exception in the program. If you press "Continue", de error will be ignored and the progam will continue. If you press "Quit", the program will be shut down immediately.

Access to registerkey HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System denied


See the end of this message for more information on calling of JIT error finding in stead of this dialog.
I didn't translate the rest of the message, but here it is:
Code:
************** Tekst van uitzondering **************
System.UnauthorizedAccessException: Toegang tot de registersleutel HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System is geweigerd.
   bij Microsoft.Win32.RegistryKey.Win32Error(Int32 errorCode, String str)
   bij Microsoft.Win32.RegistryKey.CreateSubKey(String subkey, RegistryKeyPermissionCheck permissionCheck, RegistrySecurity registrySecurity)
   bij Microsoft.Win32.Registry.SetValue(String keyName, String valueName, Object value, RegistryValueKind valueKind)
   bij Microsoft.VisualBasic.MyServices.RegistryProxy.SetValue(String keyName, String valueName, Object value, RegistryValueKind valueKind)
   bij stub.Form1.Form1_Load(Object sender, EventArgs e)
   bij System.EventHandler.Invoke(Object sender, EventArgs e)
   bij System.Windows.Forms.Form.OnLoad(EventArgs e)
   bij System.Windows.Forms.Control.CreateControl(Boolean fIgnoreVisible)
   bij System.Windows.Forms.Control.CreateControl()
   bij System.Windows.Forms.Control.WmShowWindow(Message& m)
   bij System.Windows.Forms.Control.WndProc(Message& m)
   bij System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
   bij System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)


************** Geladen assembly's **************
mscorlib
    Assembly-versie: 2.0.0.0
    Win32-versie: 2.0.50727.4952 (win7RTMGDR.050727-4900)
    CodeBase: file:///C:/Windows/Microsoft.NET/Framework64/v2.0.50727/mscorlib.dll
----------------------------------------
stub
    Assembly-versie: 2.0.0.2
    Win32-versie: 2.0.0.002
    CodeBase: file:///C:/Users/Jasper/AppData/Local/Temp/Server.exe
----------------------------------------
Microsoft.VisualBasic
    Assembly-versie: 8.0.0.0
    Win32-versie: 8.0.50727.4927 (NetFXspW7.050727-4900)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/Microsoft.VisualBasic/8.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualBasic.dll
----------------------------------------
System
    Assembly-versie: 2.0.0.0
    Win32-versie: 2.0.50727.4927 (NetFXspW7.050727-4900)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System/2.0.0.0__b77a5c561934e089/System.dll
----------------------------------------
System.Windows.Forms
    Assembly-versie: 2.0.0.0
    Win32-versie: 2.0.50727.4927 (NetFXspW7.050727-4900)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Windows.Forms/2.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
----------------------------------------
System.Drawing
    Assembly-versie: 2.0.0.0
    Win32-versie: 2.0.50727.4927 (NetFXspW7.050727-4900)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Drawing/2.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
----------------------------------------
System.Runtime.Remoting
    Assembly-versie: 2.0.0.0
    Win32-versie: 2.0.50727.4927 (NetFXspW7.050727-4900)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Runtime.Remoting/2.0.0.0__b77a5c561934e089/System.Runtime.Remoting.dll
----------------------------------------
mscorlib.resources
    Assembly-versie: 2.0.0.0
    Win32-versie: 2.0.50727.4952 (win7RTMGDR.050727-4900)
    CodeBase: file:///C:/Windows/Microsoft.NET/Framework64/v2.0.50727/mscorlib.dll
----------------------------------------
Microsoft.VisualBasic.resources
    Assembly-versie: 8.0.0.0
    Win32-versie: 8.0.50727.4927 (NetFXspW7.050727-4900)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/Microsoft.VisualBasic.resources/8.0.0.0_nl_b03f5f7f11d50a3a/Microsoft.VisualBasic.resources.dll
----------------------------------------
System.Windows.Forms.resources
    Assembly-versie: 2.0.0.0
    Win32-versie: 2.0.50727.4927 (NetFXspW7.050727-4900)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Windows.Forms.resources/2.0.0.0_nl_b77a5c561934e089/System.Windows.Forms.resources.dll
----------------------------------------

************** JIT-foutopsporing **************
Als u JIT-foutopsporing wilt inschakelen, moet in het configuratiebestand voor deze
toepassing of computer (machine.config) de waarde
jitDebugging in het gedeelte system.windows.forms zijn ingesteld.
De toepassing moet ook zijn gecompileerd terwijl foutopsporing
was ingeschakeld.

Bijvoorbeeld:

<configuration>
    <system.windows.forms jitDebugging="true" />
</configuration>

Wanneer JIT-foutopsporing is ingeschakeld, worden onverwerkte uitzonderingen
naar het JIT-foutopsporingsprogramma gestuurd dat op de computer is geregistreerd
en worden niet door dit dialoogvenster verwerkt.
I found the topic http://www.techsupportforum.com/f217...-a-472733.html in which they say to use gpedit.msc, but I can't do that because I have Home Premium.

Can anyone help me?
Thank you very much.

__________________
jvdm is offline  
Old 09-06-2010, 09:59 AM   #2
Team Manager, Microsoft Support
Microsoft MVP
BSOD Kernel Dump Expert
 
jcgriff2's Avatar

Microsoft Most Valuable Professional
 
Join Date: Sep 2007
Location: New Jersey Shore
Posts: 30,805
OS: Windows 10, 8.1, 7 + Windbg :)



Boot into Recovery using Windows DVD or the Recovery partition and run Windows System Restore -- choose a restore point prior to the trouble occurring.

Regards. . .

jcgriff2

`

jcgriff2 is offline  
Old 09-06-2010, 11:19 AM   #3
Registered Member
 
Join Date: Sep 2010
Posts: 5
OS: Windows 7 Home Premium



Quote:
Originally Posted by jcgriff2 View Post
Boot into Recovery using Windows DVD or the Recovery partition and run Windows System Restore -- choose a restore point prior to the trouble occurring.

Regards. . .

jcgriff2

`
I can run System Restore when Windows is in normal mode, but it says I don't have any restore points..
__________________
jvdm is offline  
Old 09-06-2010, 11:27 AM   #4
Registered Member
 
Join Date: Aug 2010
Location: TX
Posts: 12
OS: Windows 7 Ultimate 64bit service pk 2



did you try running it in safe mode and then going to the registry to fix it? There should only be the Default value. If theres anything else i recommend deleting it because thats whats holding your system back.
__________________
salathielofhale is offline  
Old 09-06-2010, 12:51 PM   #5
Registered Member
 
Join Date: Sep 2010
Posts: 5
OS: Windows 7 Home Premium



Quote:
Originally Posted by salathielofhale View Post
did you try running it in safe mode and then going to the registry to fix it? There should only be the Default value. If theres anything else i recommend deleting it because thats whats holding your system back.
What do you exactly suggest I do in regedit? Change the value of / delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System ?
__________________
jvdm is offline  
Old 09-06-2010, 08:01 PM   #6
Team Manager, Microsoft Support
Microsoft MVP
BSOD Kernel Dump Expert
 
jcgriff2's Avatar

Microsoft Most Valuable Professional
 
Join Date: Sep 2007
Location: New Jersey Shore
Posts: 30,805
OS: Windows 10, 8.1, 7 + Windbg :)



Quote:
Originally Posted by jcgriff2 View Post
Boot into Recovery using Windows DVD or the Recovery partition and run Windows System Restore -- choose a restore point prior to the trouble occurring.

Regards. . .

jcgriff2

Quote:
Originally Posted by jvdm View Post
I can run System Restore when Windows is in normal mode, but it says I don't have any restore points..
Boot into Recovery and see if there are system restore point available to you there.

Regards. . .

jcgriff2

`
jcgriff2 is offline  
Old 09-06-2010, 11:07 PM   #7
Moderator
- Microsoft Support
 
jenae's Avatar
 
Join Date: Jun 2008
Location: Sydney
Posts: 6,089
OS: XP, Vista, Seven, & a whole host you would never have heard of.



Hi, please do not delete anything in the registry, and certainly not without a backup, it is possible your permissions to this key have become corrupted. Before we do anything, lets see what the key has.

Open a CMD prompt as admin and copy paste this, post the resultant notepad file here:-

Code:
regedit /e C:\Note.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\system" & start notepad C:\note.txt
__________________

jenae is offline  
Old 09-07-2010, 04:06 AM   #8
Registered Member
 
Join Date: Sep 2010
Posts: 5
OS: Windows 7 Home Premium



Quote:
Originally Posted by jcgriff2 View Post
Boot into Recovery and see if there are system restore point available to you there.

Regards. . .

jcgriff2

`
I just tried that, it still says I have no restore points.

Quote:
Originally Posted by jenae View Post
Hi, please do not delete anything in the registry, and certainly not without a backup, it is possible your permissions to this key have become corrupted. Before we do anything, lets see what the key has.

Open a CMD prompt as admin and copy paste this, post the resultant notepad file here:-

Code:
regedit /e C:\Note.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\system" & start notepad C:\note.txt
The problem is, I can't start cmd. It says that it has been turned off by the system administrator. Even in safe mode it says that. The only way I found to get to cmd is to use Recovery mode. Should I try that line on there?
__________________
jvdm is offline  
Old 09-07-2010, 04:18 AM   #9
Team Manager, Microsoft Support
Microsoft MVP
BSOD Kernel Dump Expert
 
jcgriff2's Avatar

Microsoft Most Valuable Professional
 
Join Date: Sep 2007
Location: New Jersey Shore
Posts: 30,805
OS: Windows 10, 8.1, 7 + Windbg :)



Did you try "System Repair" from recovery?

Did you turn system restore OFF?
jcgriff2 is offline  
Old 09-07-2010, 07:06 AM   #10
Registered Member
 
Join Date: Sep 2010
Posts: 5
OS: Windows 7 Home Premium



Guys thanks for all your help but my problem is solved now! I got the feeling some trojan/virus was involved because when I pressed alt-tab I saw something like hijack and somehow PasswordFox gave an error, while I never downloaded/installed PasswordFox. So I ran Malwarebytes' Anti-Malware and Avast Free. They both found some stuff. After a reboot everything is fine! I can start cmd, regedit and the task manager again.

So thank you all for your help :)

Edit
For the people who are interested, here's the Malwarebytes log:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Databaseversie: 4052

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7-9-2010 14:49:49
mbam-log-2010-09-07 (14-49-49).txt

Scantype: Snelle scan
Objecten gescand: 124522
Verstreken tijd: 7 minuut/minuten, 26 seconde(n)

Geheugenprocessen ge´nfecteerd: 0
Geheugenmodulen ge´nfecteerd: 0
Registersleutels ge´nfecteerd: 1
Registerwaarden ge´nfecteerd: 4
Registerdata ge´nfecteerd: 3
Mappen ge´nfecteerd: 0
Bestanden ge´nfecteerd: 5

Geheugenprocessen ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels ge´nfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0i17u06j-m4t5-3v72-5ub7-wo7b68v58w7u} (Generic.Bot.H) -> Quarantined and deleted successfully.

Registerwaarden ge´nfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hklm (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.Bot) -> Quarantined and deleted successfully.

Registerdata ge´nfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System\DisableCMD (Hijack.CMDPrompt) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Mappen ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden ge´nfecteerd:
C:\Windows\System32\explorer.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
C:\Users\Jasper\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Users\Jasper\AppData\Local\Temp\mspass.exe (HackTool.Agent) -> Quarantined and deleted successfully.
C:\Users\Jasper\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Jasper\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.

__________________
jvdm is offline  
Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2


All times are GMT -7. The time now is 06:31 AM.


Copyright 2001 - 2014, Tech Support Forum

Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts