Jump to content

Ratibonus KMS tools Installed, problem with windows 10 update

Go to solution Solved by kerkanthony,

Recommended Posts

Hello tried to get Office activated with Ratibonus KMS tools and after that the windows update fail to be updated. As I saw this forum but seems some steps is no longer working since the threat is close.   https://forums.malwarebytes.com/topic/241381-kmspico-installed-problem-with-windows-10/



Link to post
Share on other sites

Hello kerkanthony and welcome to Malwarebytes,

Continue with the following:

If you do not have Malwarebytes installed do the following:

Download Malwarebytes version 4 from the following link:


Double click on the installer and follow the prompts.

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > small cog wheel top right hand corner, that will open "settings" from there select "Security" tab.

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Clsoe out the settings window, this will take you back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
  • Click on the Detection History tab > from main interface.
  • Then click on "History" that will open to a historical list
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

  • Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…


Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
  • Right-click on AdwCleaner.exe and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status... If English is not your native tongue rename FRST to FRSTEnglish.
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
    user posted image
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.

Let me see those logs in your reply...

Thank you,

Edited by kevinf80
typing errror
Link to post
Share on other sites


-Log Details-
Scan Date: 4/7/21
Scan Time: 8:26 PM
Log File: 85c81292-979c-11eb-9249-7824af4303db.json

-Software Information-
Components Version: 1.0.1249
Update Package Version: 1.0.39189
License: Free

-System Information-
OS: Windows 10 (Build 19041.572)
CPU: x64
File System: NTFS
User: Ken\ken

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 402353
Threats Detected: 11
Threats Quarantined: 11
Time Elapsed: 47 min, 9 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 1
PUP.Optional.EasyLife, C:\USERS\KENDR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 217, 691263, , , , , , 

File: 10
Generic.Malware/Suspicious, C:\USERS\KENDR\APPDATA\LOCAL\TEMP\LOADERX.EXE, Quarantined, 0, 392686, 1.0.39189, , shuriken, , 1B497C93FB984B6F3911297B197AF5C2, 1941E682403DD5F423FEE6E9685020C587395EF9A62F86D1311812C7D29CBF1F
PUP.Optional.EasyLife, C:\Users\kendr\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb, Quarantined, 217, 691263, , , , , 02EF4EC2BF6DA10B5C38C871E2807EBE, A3C1B76B9E3DCDF8AF036F9145783B6D9A9A8EB4C2342850C57E062F641057D5
PUP.Optional.EasyLife, C:\Users\kendr\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000187.log, Quarantined, 217, 691263, , , , , 12F59552C41C82971C72FE8CADA9AE01, C0794F4BF460472F32BF9C37A83FC3C47CAA4A3AD8F38E6AE668F5F8A275B9B9
PUP.Optional.EasyLife, C:\Users\kendr\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000189.ldb, Quarantined, 217, 691263, , , , , DDC2DCE198802FB21F89103D3AC792AF, 33068023D57FE5F537F78EC2AF9439580BA8E0234888CC79AA2E17A5D4ACC9DA
PUP.Optional.EasyLife, C:\Users\kendr\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, Quarantined, 217, 691263, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.EasyLife, C:\Users\kendr\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, Quarantined, 217, 691263, , , , , , 
PUP.Optional.EasyLife, C:\Users\kendr\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, Quarantined, 217, 691263, , , , , D20F9A71CDE65AD89554D565A515C049, 40B0F05345242B3C20DC56517C0F1BE1D7BFE9F47F2C1D89204850BEB1B6BEFE
PUP.Optional.EasyLife, C:\Users\kendr\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, Quarantined, 217, 691263, , , , , F4007E7D138A7603B19F250377A64AFE, 5730FAC99B16B4D0F9FF5F5F22BB60AE0E312B4068FDAC8B7D0CD1361BE71A3F
PUP.Optional.EasyLife, C:\Users\kendr\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, Quarantined, 217, 691263, , , , , 8755C5032D26549FB5EB6D77EB6ADA2B, 1471FCE33B436AA07A51DD0C5C8241914CCA00E6C18F2A9D8E6F2116AA62A671
PUP.Optional.EasyLife, C:\USERS\KENDR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 217, 691263, 1.0.39189, , ame, , 3DB55D5D1D34293E0E6F224DAA6CDE5B, E41C8D14F44C4E6D38CFE6B1F71E504E7B0F9433F62ED09BC907472239A83B51

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


Link to post
Share on other sites

Hiya kerkanthony,

Yes those logs are complete, continue:

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.

The following directories are emptied:
  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

user posted image

The system will be rebooted after the fix has run.


Download "Microsoft's Safety Scanner" and save direct to the desktop

Ensure to get the correct version for your system....


Right click on the Tool, select Run as Administrator the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\msert.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

Let me see those logs in your reply...

Thank you,



Link to post
Share on other sites

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

user posted image
Your system will reboot, check windows updates after that...



Link to post
Share on other sites

Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue.

Make sure ONLY the following options are checked:
  • Windows Update
  • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
Link to post
Share on other sites

Hiya kerkanthony,

I`ve attached wuauserv.zip to my reply, download and unzip that file to your Desktop (do not save anywhere else) so you have wuauserv.reg

Double click on that reg file, accept any merges or alerts. Reboot your system when complete, test windows updates again... Any improvement...?

Thank you,



Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.