My all video and audio files have been changed to .b277 extenssion.
What is this and how to correct this ?
The files have been unplayable now
Only media files? … you may have a ransomware
Follow instructions and attach requested logs > https://forum.avast.com/index.php?topic=53253.0
Malwarebytes and the two logs from FRST is the important ones
9038 different file-extensions in my database and no b277.
Could be a new type/variant of ransomware.
Upload some files to https://www.nomoreransom.org/crypto-sheriff.php
and let us know what is says.
I have run the malwarebytes and farbar as instructed. Attaching the log files as advised.
Next program i will run and send the results in next post
Thanks for the help
The log file of ASWMBR is attached herewith.
What is KMS doing on your system ?
A good start to cleanup the system is removing all illegal software and other things as likely one (perhaps several) of them have caused the infection.
After removing all that crap, run Farbar again and attach new logs to your next post here.
Do you share programs / files with XP side on this system?
[b]FIRST >>>>[/b]
Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):
Browser Configuration Utility
KMSnano 24
QuickTime 7
YTD Video Downloader 5.7.2
To do so, left clicking on the name once and then click Uninstall/Change at the bar above the list window.
Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.
SECOND >>>>
Read Slowly and all of it.
If you still have a Addition.txt log file on your desktop, please delete it now.
Start FRST64 that is on your Desktop by double clicking and allowing the software to run when the User Access Control asks (if it does).
The tool will start to run.
When the tool opens click Yes to disclaimer. (if it does)
Select Additional.txt in the Optional Scans section of FRST64.
Press Scan button.
It will make two logs (FRST.txt and addition.txt) on your Desktop. Please attach the logs in your reply back.
Done as per instructions.
Attached are 2 log files
KSMNANO 4 was not found
What part of “cracked or illegal” software did you not understand? :‘( :’( 
2016-10-11 13:26 - 2016-10-11 13:26 - 00386607 _____ D:\Users\Virendra\Downloads\Sony Vegas Pro 11 Keygen + Patch.zip
2016-10-11 12:34 - 2016-10-11 12:36 - 28820534 _____ D:\Users\Virendra\Downloads\d89MalBytesAntiMlwrPrmmv2.2.1.1043FULL-SAMI500778.rar
(Got to ask what level of protection did you think you would get with a cracked antimalware product? Cracking IS malware.)
2016-10-04 19:06 - 2016-10-04 19:06 - 00014933 _____ D:\Users\Virendra\Downloads\CyberLink Director Suite 5.0 Multilingual Incl Patch + Extra Content [SadeemPC].zip.torrent
2016-10-11 12:52 - 2016-08-07 20:00 - 00000000 ____D D:\Users\Virendra\Desktop\Malwarebytes Anti-Malware Premium v 2.2.1.1043 + New Activator 2016
And these are where your Ransomware infection came from (or at least, was the backdoor for it) ==>>
2016-09-20 19:51 - 2016-09-20 19:51 - 00037443 _____ D:\Users\Virendra\Downloads[only-soft.info].t22515.torrent
2016-09-20 19:40 - 2016-09-20 19:40 - 00022113 _____ D:\Users\Virendra\Downloads\CyberLink.PowerDirector.Ultimate.v15.0.20.26.0.Incl.Keymaker-CORE.torrent
2016-09-16 18:20 - 2016-09-16 18:51 - 00000000 ____D D:\Users\Virendra\Desktop\CyberLink Director Suite 5.0 Multilingual Incl Patch + Extra Content [SadeemPC]
2016-09-15 21:13 - 2016-09-15 21:13 - 00070697 _____ D:\Users\Virendra\Downloads\Not.Without.My.Daughter.1991.720p.WEB-DL.AAC2.0.H264-FGT-[rarbg.com].torrent
Using malware to remove malware is not gonna work.
That is going around the same circle over and over again.
These are the downloaded torrents which are not installed yet. But I normally use bit torrent for downloads of old classic movies.
These are the programs for audio/video encoding which is my hobby to convert into 3D and with surround sound and I use it for my personal collection.
If that is the culprit I will delete these files.
Installed or not, if you use it for personal use or not…
It is malware and has to go.
Guess how your system got infected…