Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Uninstalled Kaspersky Internet Security and now can't use mouse or keyboard!!


  • Please log in to reply
28 replies to this topic

#1 rothnroll

rothnroll

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:44 AM

Posted 22 January 2013 - 09:50 AM

Greetings.

First off I am using a laptop - Dell Inspiron with Windows 7.
I installed the Kaspersky Internet Security & Anti-Virus trial version. I didn't like it, so I uninstalled it. It prompted me to restart.
I did that.
When restarting the computer I can't get past the login screen. When i restarted it disabled the laptop mouse and keyboard. I waited for 20 mins like it said in the kapersky help and it didn't do anything.
Imposted on the kapersky forum, but hardly anyone posts there.
I followed the tutorial here
http://support.kaspersky.com/us/kis2011/service?print=true&qid=208284040

The only one that applies to me is option #3
I have no access to the computer and I am using a friends computer.
I have no old school mouse port to try and test anything. I have no extra USB mouses.
I have no restore points.. otherwise I would have restored it to a previous version.

I tried option #3.
Got stuck.
I typed in the usbrecover in the terminal and it said
there is no windows operating system on C: drive
The Following drives have been detected
C:
sda1
sda2

No matter what I do (even typing in sda1 and sda2)... it won't let me select any of the drives. I know I have windows installed because without this boot disc it takes me to the windows login screen (can't type in my password)

I have spent a good 7 hours on this today.

I found a fix
http://forum.kaspersky.com/index.php?showtopic=252590&st=0&p=1961004&#entry1961004
But without access to the mouse and keyboard, I have no clue how to access the registry.
Please help!

BC AdBot (Login to Remove)

 


#2 AngryRaisin

AngryRaisin

  • Members
  • 235 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orange County, CA, US
  • Local time:12:44 AM

Posted 22 January 2013 - 03:24 PM

What i am describing here is offline registry editing - this can very easily make your situation worse - your actions are your own - if you are not comfortable with that do not do this - disclaimer outta the way here we go.

during boot right after you see dell screen start tapping f8 to get into boot options select Repair my computer
once you get to recovery options select command prompt
then type in regedit and hit enter
inside regedit - select HKEY_LOCAL_MACHINE
go to 'file' and 'load hive'
browse to your windows installation (hint it should be c or d, but will dells and recovery partitions it may be e or so on) and then browse to windows\system32\config
then select 'system' and open
it will ask you to put in a key - type in something like 'offlinesystem'
Now you should see offlinesystem under HKEY_LOCAL_MACHINE
find HKEY_LOCAL_MACHINE\offlineSystem\ControlSet001\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}
Look for UpperFilters if it's there it should be a REG_MULTI_SZ with value of kbdclass
If it's not create one - type REG_MULTI_SZ value kbdclass
find HKEY_LOCAL_MACHINE\offlineSystem\ControlSet001\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}
Look for UpperFilters if it's there it should be a REG_MULTI_SZ with value of mouclass
If it's not create one - type REG_MULTI_SZ value mouclass
Now go back and select offlinesystem - go to file - and unload hive
reboot system and cross fingers

Edited by AngryRaisin, 22 January 2013 - 05:07 PM.


#3 rothnroll

rothnroll
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:44 AM

Posted 22 January 2013 - 06:40 PM

then select 'system' and open


I am stuck right there.
When I click on system it doesn't prompt me for a key. It just opens the file in notepad and a wall of text appears


What's next?

#4 rothnroll

rothnroll
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:44 AM

Posted 22 January 2013 - 06:41 PM

I bought a USB mouse today.
I thought it would let use use the on screen keyboard, but it doesn't work once I get to the login screen. It works in the regedit function though...

#5 rothnroll

rothnroll
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:44 AM

Posted 22 January 2013 - 06:52 PM

What i am describing here is offline registry editing - this can very easily make your situation worse - your actions are your own - if you are not comfortable with that do not do this - disclaimer outta the way here we go.

during boot right after you see dell screen start tapping f8 to get into boot options select Repair my computer
once you get to recovery options select command prompt
then type in regedit and hit enter
inside regedit - select HKEY_LOCAL_MACHINE
go to 'file' and 'load hive'
browse to your windows installation (hint it should be c or d, but will dells and recovery partitions it may be e or so on) and then browse to windows\system32\config
then select 'system' and open
it will ask you to put in a key - type in something like 'offlinesystem'
Now you should see offlinesystem under HKEY_LOCAL_MACHINE
find HKEY_LOCAL_MACHINE\offlineSystem\ControlSet001\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}
Look for UpperFilters if it's there it should be a REG_MULTI_SZ with value of kbdclass
If it's not create one - type REG_MULTI_SZ value kbdclass
find HKEY_LOCAL_MACHINE\offlineSystem\ControlSet001\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}
Look for UpperFilters if it's there it should be a REG_MULTI_SZ with value of mouclass
If it's not create one - type REG_MULTI_SZ value mouclass
Now go back and select offlinesystem - go to file - and unload hive
reboot system and cross fingers


I created the offline system
HKEY_LOCAL_MACHINE\offlineSystem\ControlSet001\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}
UpperFilters already had a REG_MULTI_SZ with value of kbdclass

HKEY_LOCAL_MACHINE\offlineSystem\ControlSet001\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}
Had a value of mouclass.


Unloaded hive. Nothing. Same issue. Any thoughts?

#6 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:06:44 PM

Posted 22 January 2013 - 07:14 PM

Please try the following ...
  • Start tapping the F8 key after you press the ON button, and continue tapping until you are presented with the "Advanced Boot Options" menu screen.
  • Use the UP/DOWN arrow keys to select "Last known good configuration", and press the <ENTER> key.
  • The computer will attempt to load Windows.
    Success?
If Windows does not start, try the same thing again.

Let me know the result.
AustrAlien
Google is my friend. Make Google your friend too.

Posted Image

#7 AngryRaisin

AngryRaisin

  • Members
  • 235 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orange County, CA, US
  • Local time:12:44 AM

Posted 22 January 2013 - 07:46 PM

Posted Image

select the file then press open button

sounds like you right clicked and opened the file in notepad

Did the registry key have anything else in there like klkbdflt as well as kbdclass if so delete 'klkbdflt'
for mouse 'klmouflt'
Also make sure you are openning the right registry hive ... like browse to my computer - then d: - then windows - then system32...
the registry editor will start you off in x:\windows\system32\config which is NOT the registry you want to edit


Other method would be to use System restore in the Recovery Options.

Edited by AngryRaisin, 22 January 2013 - 08:17 PM.


#8 rothnroll

rothnroll
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:44 AM

Posted 22 January 2013 - 07:56 PM

Please try the following ...

  • Start tapping the F8 key after you press the ON button, and continue tapping until you are presented with the "Advanced Boot Options" menu screen.
  • Use the UP/DOWN arrow keys to select "Last known good configuration", and press the <ENTER> key.
  • The computer will attempt to load Windows.
    Success?
If Windows does not start, try the same thing again.

Let me know the result.

That was one of the first things I tried. I tried it again.
Nothing.

#9 rothnroll

rothnroll
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:44 AM

Posted 22 January 2013 - 08:03 PM

Posted Image

select the file then press open button

sounds like you right clicked and opened the file in notepad


Yes, I caught my mistake.
I went back through your fixes.


I created the offline system
HKEY_LOCAL_MACHINE\offlineSystem\ControlSet001\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}
UpperFilters already had a REG_MULTI_SZ with value of kbdclass

HKEY_LOCAL_MACHINE\offlineSystem\ControlSet001\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}
Had a value of mouclass.

When I unloaded the hive I restarted and nothing changed.
I did it again, created the offlinesystem and this time I made sure the kbdclass and mouclass were absent.
unloaded hive
Restarted.. nothing

Then I went though and did your fixes ensuring kbdclass and mouclass were in the offlinesystem and unloaded the hive.
Nothing changed.

I am really stumped. I spent 7 or 8 hours on this today.
Thanks for the help.
Any more suggestions?

#10 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:06:44 PM

Posted 22 January 2013 - 08:21 PM

Use regedit as before, only this time go to the Select key instead of ControlSet001:
  • HKEY_LOCAL_MACHINE\offlineSystem\Select <<< key
Let me know the data value (1, 2, 3 etc) you see beside:
  • Current
  • Default
  • LastKnownGood

AustrAlien
Google is my friend. Make Google your friend too.

Posted Image

#11 rothnroll

rothnroll
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:44 AM

Posted 22 January 2013 - 08:29 PM

Thanks for the help.
It looks like this
(attached)

Attached Files


Edited by rothnroll, 22 January 2013 - 08:32 PM.


#12 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:06:44 PM

Posted 22 January 2013 - 08:32 PM

Just report the number (1, 2, 3 etc) that you see beside each entry (it will be enclosed in brackets). That will do fine.
AustrAlien
Google is my friend. Make Google your friend too.

Posted Image

#13 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:06:44 PM

Posted 22 January 2013 - 08:38 PM

OK, thanks. All are set to (1).

That means all use CurrentControlSet001.
  • That would explain why there is no change when you choose to load with "Last Known Good Configuration" !

Perchance ... do you see any other CurrentControlSet00x listed along with (below) CurrentControlSet001 ?
  • CurrentControlSet002 perhaps ?

Edited by AustrAlien, 22 January 2013 - 08:39 PM.

AustrAlien
Google is my friend. Make Google your friend too.

Posted Image

#14 rothnroll

rothnroll
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:44 AM

Posted 22 January 2013 - 09:11 PM

I only see CurrentControlSet001

No other CurrentControlSet00XX numbers

Thanks for your help!

#15 AngryRaisin

AngryRaisin

  • Members
  • 235 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orange County, CA, US
  • Local time:12:44 AM

Posted 22 January 2013 - 09:46 PM

the thing that's bothering me is that your 'offlinesystem' looks weird generally there are a couple more entries there such as Controlset002, MountedDevices, Setup, and WPA - your reghive looks like the default one that is generally used for setting up windows. When you browse for files I would like you to take a detour first - browse in c:\users or d:\users... you are looking for your user name if there is only public then you are in the wrong drive and need to find the right drive.

if you are in the right drive then my other suggestion of restore point is looking more promising.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users