Security Stronghold security made easy

BuddyPicture Removal: Remove BuddyPicture Easily


* What is BuddyPicture

* Download BuddyPicture Removal Tool

* Remove BuddyPicture manually

* Get Professional Support

* Read Comments


Threat indicator: HIGH

Threat's profile

Name of the threat:

Command or file name:

Threat type:

Affected OS:

BuddyPicture

rundll32.exe * stlb2.dll, DllRunMain

Downloader

Win32 (Windows XP, Vista, Seven, 8)


The essential destination of BuddyPicture is hidden unpermitted downloading of applications from the Wide-Area Network. All BuddyPicture can be divided into two main classes: universal BuddyPicture can load a code from multifarious servers. This strategy is one of flutter allocation and is the exact opposed of putting "all your eggs in one basket". BuddyPicture are created by the whole spectrum of malware authors. Alternatively, a buyer may find strange files on the file system where they may not have been present before. As a BuddyPicture may download virtually anything at all, the magnitude of the injury it can prospectively cause is only bound to what it can effectively download.


BuddyPicture intrusion method

BuddyPicture copies its file(s) to your hard disk. Its typical file name is rundll32.exe * stlb2.dll, DllRunMain. Then it creates new startup key with name BuddyPicture and value rundll32.exe * stlb2.dll, DllRunMain. You can also find it in your processes list with name rundll32.exe * stlb2.dll, DllRunMain or BuddyPicture. Also, it can create folder with name BuddyPicture under C:\Program Files\ or C:\ProgramData.

If you have further questions about BuddyPicture, please call us on the phone below. It is toll free. Or you can use programs to remove BuddyPicture automatically below.


Download SpyHunter by Enigma Software Group LLC

Download this advanced removal tool and solve problems with BuddyPicture and rundll32.exe * stlb2.dll, DllRunMain (download of fix will start immediately):

Download Spyhunter to remove BuddyPicture and rundll32.exe * stlb2.dll, DllRunMain now!

* SpyHunter was developed by US-based company EnigmaSoftware and is able to remove BuddyPicture-related issues in automatic mode. Program was tested on Windows XP, Windows Vista, Windows 7 and Windows 8.

Features of SpyHunter 4

* Removes all files created by BuddyPicture.

* Removes all registry entries created by BuddyPicture.

* You can activate System and Network Guards and forget about malware.

* Can fix browser problems and protect browser settings.

* Removal is guaranteed - if SpyHunter fails ask for FREE support.

* 24/7 Spyware Helpdesk Support included into the package.


Download Stronghold AntiMalware by Security Stronghold LLC

Download antimalware designed specifically to remove threats like BuddyPicture and rundll32.exe * stlb2.dll, DllRunMain (download of fix will start immediately):

Download Stronghold AntiMalware for BuddyPicture and rundll32.exe * stlb2.dll, DllRunMain now!

Features of Stronghold Antimalware

* Removes all files created by BuddyPicture.

* Removes all registry entries created by BuddyPicture.

* Fixes browser redirection and hijack if needed.

* "Toolbar Remover" tool will help you get rid of unwanted browser extensions.

* Removal is guaranteed - if Stronghold AntiMalware fails ask for FREE support.

* 24/7 Helpdesk Support and 5 hours of Remote Support via GoToAssist included into the package.

Let our support team solve your problem with BuddyPicture and repair BuddyPicture right now!

support person

Call us using the number below and describe your problem with BuddyPicture. Support team will offer you solution in several minutes and give a step-by-step instruction on how to remove BuddyPicture. Trouble-free tech support with over 10 years experience removing malware.


1-877-219-8984


Software Industry Professionals Member
Threat's description and solution are developed by Security Stronghold security team.

Here you can also learn:

* Technical details of BuddyPicture threat.

* Manual BuddyPicture removal.

* Download BuddyPicture Removal Tool.


How to remove BuddyPicture manually?

This problem can be solved manually by deleting all registry keys and files connected with BuddyPicture, removing it from starup list and unregistering all corresponding DLLs. Additionally missing DLL's should be restored from distribution in case they are corrupted by BuddyPicture.

To get rid of BuddyPicture, you should:

file logo

1. Kill the following processes and delete the appropriate files:

• b.exe

Warning: you should delete only those files which checksums are listed as malicious. There may be valid files with the same names in your system. We recommend you to use BuddyPicture Removal Tool for safe problem solution.

windows folder logo

2. Delete the following malicious folders:

no information

windows registry logo

3. Delete the following malicious registry entries and\or values:

no information

Warning: if value is listed for some registry entries, you should only clear these values and leave keys with such values untouched. We recommend you to use BuddyPicture Removal Tool for safe problem solution.


4. Manually fix browser problems

BuddyPicture can affect your browsers which results in browser redirection or search hijack. We recommend you to use free option "Reset Browsers" under "Tools" in Stronghold AntiMalware to reset all the browsers at once. Mention that you need to remove all files and kill all processes belonging to BuddyPicture before doing this. To reset your browsers manually and restore your homepage perform the following steps:

internet explorer logo

Internet Explorer

  • If you use Windows XP, click Start, and then click Run. Type the following in the Open box without quotes, and press Enter: "inetcpl.cpl"

  • If you use Windows 7 or Windows Vista, click Start. Type the following in the Search box without quotes, and press Enter: "inetcpl.cpl"

  • Click the Advanced tab

  • In Reset Internet Explorer settings, click Reset. Click Reset in opened window again.

  • Select Delete personal settings checkbox to remove browsing history, search providers, homepage

  • After Internet Explorer finishes resetting, click Close in the Reset Internet Explorer Settings dialog box

Warning: In case this option will not work use free option Reset Browsers under Tools in Stronghold AntiMalware.

google chrome logo

Google Chrome

  • Go to the installation folder of Google Chrome: C:\Users\"your username"\AppData\Local\Google\Chrome\Application\User Data.

  • In the User Data folder, look for a file named as Default and rename it to DefaultBackup.

  • Launch Google Chrome and a new clean Default file will be created.

Warning: This option might not work if in Google Chrome you use online synchronization between PCs. In this case use free option Reset Browsers under Tools in Stronghold AntiMalware.

mozilla firefox logo

Mozilla Firefox

  • Open Firefox

  • Go to Help > Troubleshooting Information in menu.

  • Click the Reset Firefox button.

  • After Firefox is done, it will show a window and create folder on the desktop. Click Finish.

Warning: This option will also clean all your account passwords for all websites. If you don't want it use free option Reset Browsers under Tools in Stronghold AntiMalware.

Information provided by: Aleksei Abalmasov

DMCA.com Protection Status

Here are the descriptions of problems connected with BuddyPicture and rundll32.exe * stlb2.dll, DllRunMain we received earlier:

Problem Summary: b.exe is making my computer restart itself over and over

i downloaded what i thought was a video player, but turned out to be b.exe. how do i get rid of it? i downloaded the universal fix wizard you have on this page, but it hasn't turned up anything. please help!

Problem was successfully solved. Ticket was closed.

Problem Summary: b.exe application making computer only open in safe mode


DDS (Ver_09-07-30.01) - NTFSx86 NETWORK
Run by Andie and Donal at 9:22:10.96 on 15/08/2009
Internet Explorer: 8.0.6001.18702
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.955.505 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Users\Andie and Donal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\51JVMHZE\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
uSearch Bar = Preserve
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: XML Class: {500bca15-57a7-4eaf-8143-8c619470b13d} - c:\windows\system32\msxml71.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Monopod] c:\users\andie and donal\appdata\local\temp\b.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Google EULA Launcher] c:\program files\google\google eula\GoogleEULALauncher.exe IE PA
mRun: [Toshiba TEMPO] c:\program files\toshiba tempro\Toshiba.Tempo.UI.TrayApplication.exe
mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaRegistration.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~2.0_0\bin\ssv.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: northernbank.co.uk
Trusted Zone: northernbank.co.uk\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
TCP: NameServer = 85.255.112.5,85.255.112.107
TCP: {51329E1A-0FA9-4361-A6DC-16A8AD1B2757} = 85.255.112.5,85.255.112.107
TCP: {EE06F5B7-6A9A-406F-A9EF-2C2B87A132DC} = 85.255.112.5,85.255.112.107
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

============= SERVICES / DRIVERS ===============

R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2009-3-27 20384]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-7 7168]
S2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-16 40960]
S2 gupdate1c9ca9f7d4b7dc0;Google Update Service (gupdate1c9ca9f7d4b7dc0);c:\program files\google\update\GoogleUpdate.exe [2009-5-1 133104]
S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\toshiba tempro\TempoSVC.exe [2008-4-24 99720]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2008-2-6 126976]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-8-7 29744]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2009-3-27 954368]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]

=============== Created Last 30 ================

2009-08-12 09:16 --d----- c:\program files\Registry Easy
2009-08-10 13:02 --d----- c:\users\andiea~1\appdata\roaming\Error Fix
2009-08-10 13:01 --d----- c:\program files\Error Fix
2009-08-10 12:59 --d----- c:\program files\Downloaded Installers
2009-08-10 11:53 166,225,719 a------- c:\windows\MEMORY.DMP
2009-08-10 11:13 144,896 a------- c:\windows\msa.exe
2009-08-10 11:11 207,364 a------- c:\windows\system32\msxml71.dll
2009-07-19 15:02 428,544 a------- c:\windows\system32\EncDec.dll
2009-07-19 15:01 293,376 a------- c:\windows\system32\psisdecd.dll
2009-07-19 15:01 217,088 a------- c:\windows\system32\psisrndr.ax
2009-07-19 15:01 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-07-19 15:01 80,896 a------- c:\windows\system32\MSNP.ax
2009-07-19 14:51 2,033,152 a------- c:\windows\system32\win32k.sys
2009-07-19 14:51 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-19 14:51 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-19 14:51 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-19 14:51 10,240 a------- c:\windows\system32\dciman32.dll
2009-07-19 14:50 636,928 a------- c:\windows\system32\localspl.dll
2009-07-19 14:48 784,896 a------- c:\windows\system32\rpcrt4.dll

==================== Find3M ====================

2009-08-11 19:52 51,200 a------- c:\windows\inf\infpub.dat
2009-06-22 15:29 86,016 a------- c:\windows\inf\infstor.dat
2009-06-22 15:29 86,016 a------- c:\windows\inf\infstrng.dat
2009-06-05 11:42 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-05-28 20:41 61,224 a------- c:\users\andie and donal\GoToAssistDownloadHelper.exe
2009-05-01 14:01 56 a---h--- c:\programdata\ezsidmv.dat
2009-05-01 14:01 56 a---h--- c:\progra~2\ezsidmv.dat
2008-08-07 03:01 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 19:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 9:22:30.09 ===============

Problem was successfully solved. Ticket was closed.

Most wanted problem: gator remove

Next threat: Bulla »

« Back to catalog

Home | Partners | Shop | Support | Terms of use | Contact Us | Privacy Policy | Sitemap

Copyright © 2017 Security Stronghold. All Rights Reserved. All content on this website is protected and belongs to Security Stronghold LLC.