How to Recover from Driver Malfunction Caused by Interception API Modifications: A Step-by-Step Guide
Introduction
Encountering driver issues that disable essential input devices like your keyboard and mouse can be a stressful experience, especially when crucial data is at stake. This guide outlines a systematic approach to troubleshooting and recovering from a situation where driver modifications—intended for customizing input sensitivity—have inadvertently rendered your peripherals inoperative. While unique circumstances may vary, the following steps provide a comprehensive roadmap for resolving such critical issues.
Understanding the Situation
In this scenario, the user attempted to modify system drivers related to input devices—specifically by renaming driver files (mouse.sys and keyboard.sys)—to disable or alter their function. Additionally, interference from software utilizing the Interception API and attempts to manipulate driver installation via TrustedInstaller rights contributed to system instability. As a result, both mouse and keyboard are non-functional in normal Windows environments but remain operational in Windows Recovery Environment (WinRE).
Key Challenges Identified:
– Drivers missing or inaccessible in the system directory.
– Driver filters (upper and lower filters in the registry) altered or removed.
– Difficulty accessing the system due to password restrictions in WinRE.
– Attempts to uninstall or disable problematic software (Interceptor) unsuccessful.
– The need to recover system functionality without performing a full reset or reinstall.
Proposed Solution Steps
- Ensure Hardware Functionality in Recovery Mode
  - Confirm that USB devices (mouse and keyboard) work in WinRE, which you have already tested.
  - If devices do not work in WinRE, try different ports or external adapters, and verify BIOS settings related to USB.
- Access Command Prompt with Elevated Privileges
  - Since password prompts in WinRE are problematic, consider creating bootable Windows recovery media with advanced troubleshooting tools.
  - Boot from this media and select “Command Prompt” to gain administrative access.
- Identify and Remove Residual Drivers and Filters
  - Use commands such as diskpart to examine disk partitions if necessary.
  - Check for driver files: Normally, input device drivers reside in the C:\Windows\System32\drivers\ directory. If missing, they can be restored from a backup or installation media.
- Manually Uninstall Problematic Drivers and Software
  - Delete or hide any filters: In the registry hive HKLM\System\CurrentControlSet\Control\Class\{GUID}, remove entries related to upper and lower filters associated with device classes 4d36e96
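A read-only check covering the driver-file and filter steps above, written for the Command Prompt started from recovery media; it is an added example, not part of the original guide. It assumes the offline Windows installation is on C:, and it uses the standard Windows Keyboard and Mouse device setup class GUIDs and stock class driver names (kbdclass.sys, mouclass.sys), which do not appear on the page; OfflineSystem is an arbitrary mount name.

```batch
@echo off
setlocal
rem Added example: read-only inspection, nothing is modified.
rem Assumption: the offline Windows installation is on C: (WinRE may assign
rem a different letter; diskpart "list volume" shows the mapping).
set "WIN=C:\Windows"
rem OfflineSystem is an arbitrary mount name chosen for this example.
set "HIVE=HKLM\OfflineSystem"

rem 1. Are the stock class driver files still in place?
for %%F in (kbdclass.sys mouclass.sys) do (
    if exist "%WIN%\System32\drivers\%%F" (echo [ok]      %%F) else (echo [MISSING] %%F)
)

rem 2. Load the installed system's SYSTEM hive. From recovery media, plain
rem    HKLM\System is the recovery environment's own registry.
reg load %HIVE% "%WIN%\System32\config\SYSTEM" || exit /b 1

rem 3. An offline hive has no CurrentControlSet link; Select\Current holds
rem    the number of the control set it would point to.
set "CS="
for /f "skip=2 tokens=3" %%A in ('reg query %HIVE%\Select /v Current') do set /a CS=%%A
if not defined CS (echo Could not read Select\Current & reg unload %HIVE% & exit /b 1)
set "CLASS=%HIVE%\ControlSet00%CS%\Control\Class"

rem 4. Show the filter lists of the Keyboard and Mouse setup classes.
rem    Stock values: UpperFilters = kbdclass (Keyboard) / mouclass (Mouse).
rem    Any additional name is a filter driver added by other software.
for %%G in ({4D36E96B-E325-11CE-BFC1-08002BE10318} {4D36E96F-E325-11CE-BFC1-08002BE10318}) do (
    echo.
    reg query "%CLASS%\%%G" /v Class
    reg query "%CLASS%\%%G" /v UpperFilters 2>nul || echo     UpperFilters    [not set]
    reg query "%CLASS%\%%G" /v LowerFilters 2>nul || echo     LowerFilters    [not set]
)

rem 5. Always unload, or the hive file stays locked.
reg unload %HIVE%
endlocal
```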