Avast popped up a message indicating a rootkit was detected. Naturally, I selected the option to delete it. Avast scheduled a boot-time scan and found nothing. However, my keyboard no longer worked. I tried a different keyboard and that one wouldn’t work either. Tried safe mode and the keyboard didn’t work there either. Eventually I restored to a restore point. Coincidentally Windows had sent updates a few hours before all of this so that was convenient.

I’m suspicious that Avast freaked out and detected the keyboard driver as a rootkit. Is that even possible? I can’t remember what file Avast pointed at and then deleted, but I’m sure it was under c:\windows. I’ve gone through all of the logs under programdata/avast software but nothing shows there. The statistics tab in the avast UI doesn’t show anything either. It doesn’t seem like this is something that the system restore should have erased either.

I did see one potential entry in EventLog.log

10/23/2013 4:45:55 PM AAVM - scanning warning: x_AavmCheckFileDirectEx: SVC: aswKbd > C:\Windows\System32\Drivers\aswKbd.sys (*RAW:SVC: aswKbd > C:\Windows\System32\Drivers\aswKbd.sys) returning error, C000003B.

I bet C000003B means “file not found” or “no such dll” or some such. Oh well, it looks like no permanent damage was done but I’m just curious as to how I could find out what the heck happened.