Click.GiftLoad HijackersC (one more)
Hi all
Reading the “Before you Post” thread, I hope to meet all your rules.
Unfortunately I got attacked by virus, trojan, malware.
Before I found this page I already did some scanning (Stinger, OnlineScanner ESET and Symantec). Now I also know that I made the mistake to turn off System Restore.
Fortunately until now I didn’t run any ‘FIXES’ ComboFix etc.
Currently I can’t find anything except Click.GiftLoad HijackersC (with Spybot).
The only things which I actually “feel” are that I’m not able to surf Windows Update and a slow system start (no blue screen, no re-directed web browsing).
Hope we still have a chance to get the system clean.
DDS Report >>>>
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Administrator at 12:04:47.96 on 02.04.2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.41.1031.18.2047.1357 [GMT 2:00]
.
AV: Prevx 3.0 *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D901}
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Symantec AntiVirus\DefWatch.exe
C:\Programme\Google\Update\GoogleUpdate.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programme\Symantec AntiVirus\Rtvscan.exe
C:\Programme\VMware\VMware Workstation\vmware-authd.exe
C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
D:\Programme\Tools\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Programme\Tools\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bluewin.ch/
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programme\gemeinsame dateien\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\progra~1\tools\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programme\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programme\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programme\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\programme\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programme\google\google toolbar\GoogleToolbar_32.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No File
uRun: [swg] "c:\programme\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [AlcoholAutomount] "d:\programme\tools\alcohol 120\axcmd.exe" /automount
uRun: [SpybotSD TeaTimer] d:\programme\tools\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
uPolicies-explorer: NoActiveDesktop = 00000000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\dokumente und einstellungen\administrator\anwendungsdaten\dvdvideosoftiehelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\programme\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\progra~1\tools\spybot~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233350009690
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1300835333359
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\programme\gemeinsame dateien\microsoft shared\web folders\PKMCDO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = :\windows\system32\srrstr.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 hotcore;hotcore;c:\windows\system32\drivers\hotcore.sys [2007-12-24 18208]
R1 SAVRT;SAVRT;c:\programme\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\programme\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 acedrv09;acedrv09;c:\windows\system32\drivers\acedrv09.sys [2007-6-18 373568]
R2 acehlp09;acehlp09;c:\windows\system32\drivers\acehlp09.sys [2007-5-30 201696]
R2 ccEvtMgr;Symantec Event Manager;c:\programme\gemeinsame dateien\symantec shared\ccEvtMgr.exe [2006-7-19 192160]
R2 ccSetMgr;Symantec Settings Manager;c:\programme\gemeinsame dateien\symantec shared\ccSetMgr.exe [2006-7-19 169632]
R2 ECBatteryDRV;ECBatteryDRV;c:\windows\system32\drivers\ECBatteryDRV.sys [2010-12-31 6144]
R2 ECMonitorDRV;ECMonitorDRV;c:\windows\system32\drivers\ECMonitorDRV.sys [2010-12-31 6144]
R2 ECUtilityDRV;ECUtilityDRV;c:\windows\system32\drivers\ECUtilityDRV.sys [2010-12-31 6144]
R2 HotCPUDRV;HotCPUDRV;c:\windows\system32\drivers\HotCPUDRV.sys [2010-12-31 7240]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\programme\symantec antivirus\Rtvscan.exe [2006-11-27 1836640]
R2 WinBootDRV;WinBootDRV;c:\windows\system32\drivers\WinBootDRV.sys [2010-12-31 7242]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programme\gemeinsame dateien\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-29 102448]
R3 NAVENG;NAVENG;c:\progra~1\gemein~1\symant~1\virusd~1\20110324.016\naveng.sys [2011-3-25 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\gemein~1\symant~1\virusd~1\20110324.016\navex15.sys [2011-3-25 1360760]
S1 ethxcvhp;ethxcvhp; [x]
S2 gupdate;Google Update Service (gupdate);c:\programme\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver; [x]
S3 SavRoam;SAVRoam;c:\programme\symantec antivirus\SavRoam.exe [2006-11-27 120416]
S3 STUSB2Ir;SigmaTel USB 2.0 IrDA Bridge;c:\windows\system32\drivers\stusb2ir.sys [2009-2-14 46104]
S3 XDva369;XDva369; [x]
S3 XDva383;XDva383; [x]
.
=============== Created Last 30 ================
.
2011-03-27 21:41:10 -------- dc-h--w- c:\windows\ie8
2011-03-27 11:34:19 -------- d-----w- c:\dokume~1\admini~1\lokale~1\anwend~1\PackageAware
2011-03-26 10:36:10 -------- d-----w- c:\dokume~1\admini~1\lokale~1\anwend~1\Threat Expert
2011-03-25 22:55:29 -------- d-----w- c:\dokume~1\alluse~1\anwend~1\SecTaskMan
2011-03-20 18:45:45 -------- d-----w- c:\dokume~1\alluse~1\anwend~1\Spybot - Search & Destroy
2011-03-20 10:23:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-19 12:31:14 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-03-18 19:49:29 -------- d-----w- c:\programme\ESET
2011-03-17 20:12:51 -------- d-----w- C:\bd_logs
2011-03-12 16:35:20 677888 -c----w- c:\windows\system32\dllcache\lhmstsc.exe
2011-03-12 16:35:19 2067456 -c----w- c:\windows\system32\dllcache\lhmstscx.dll
2011-03-12 13:27:45 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-03-12 13:27:45 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-12 13:26:58 -------- d-----w- C:\MRecord
2011-03-08 23:17:06 71880 ----a-w- c:\windows\system32\PxSecure.dll-204976953
.
==================== Find3M ====================
.
2011-02-18 17:36:23 1409 ----a-w- c:\windows\QTFont.for
2011-02-02 18:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58:32 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:10 440832 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD400BB-75FJA1 rev.14.03G14 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-4
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A2BA439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a2c07b8]; MOV EAX, [0x8a2c0834]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8A33EAB8]
3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E37D5] -> [0x8A3C0D58]
\Driver\atapi[0x8A318F38] -> IRP_MJ_CREATE -> 0x8A2BA439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-4 -> \??\IDE#DiskWDC_WD400BB-75FJA1______________________14.03G14#4457572d4143434a303234313634203420202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A2BA27F
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 12:06:20.56 ===============
Spybot results >>>>
Click.GiftLoad: [SBI $89783858] Benutzereinstellungen (Registrierungsdatenbank-Wert, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\svchost.exe
Log: Activity: SchedLgU.Txt (Datei sichern, nothing done)
C:\WINDOWS\SchedLgU.Txt
Log: Activity: imsins.log (Datei sichern, nothing done)
C:\WINDOWS\imsins.log
Log: Install: comsetup.log (Datei sichern, nothing done)
C:\WINDOWS\comsetup.log
Log: Install: ocgen.log (Datei sichern, nothing done)
C:\WINDOWS\ocgen.log
Log: Install: setupapi.log (Datei sichern, nothing done)
C:\WINDOWS\setupapi.log
Log: Shutdown: System32\wbem\logs\wbemcore.log (Datei sichern, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemcore.log
Log: Shutdown: System32\wbem\logs\wbemess.log (Datei sichern, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log
Log: Shutdown: System32\wbem\logs\wbemprox.log (Datei sichern, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemprox.log
Log: Shutdown: System32\wbem\logs\wmiprov.log (Datei sichern, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log
Internet Explorer: [SBI $FF589D0C] Download directory (Registrierungsdatenbank-Änderung, nothing done)
HKEY_USERS\S-1-5-21-842925246-1177238915-1801674531-500\Software\Microsoft\Internet Explorer\Download Directory
MS Direct3D: [SBI $7FB7B83F] Most recent application (Registrierungsdatenbank-Änderung, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registrierungsdatenbank-Änderung, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
MS Office 10.0: [SBI $65F660A1] Internet history (Registrierungsdatenbank-Wert, nothing done)
HKEY_USERS\S-1-5-21-842925246-1177238915-1801674531-500\Software\Microsoft\Office\10.0\Common\Internet\UseRWHlinkNavigation
MS Office 10.0 (Word): [SBI $51FE086C] Recently used documents list (Registrierungsdatenbank-Wert, nothing done)
HKEY_USERS\S-1-5-21-842925246-1177238915-1801674531-500\Software\Microsoft\Office\10.0\Word\Data\Settings
MS Search Assistant: [SBI $AE0C4647] Typed search terms history (Registrierungsdatenbank-Schlüssel, nothing done)
HKEY_USERS\S-1-5-21-842925246-1177238915-1801674531-500\Software\Microsoft\Search Assistant\ACMru
Windows: [SBI $1E4E2003] Drivers installation paths (Registrierungsdatenbank-Änderung, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows Explorer: [SBI $AA0766B5] Stream history (7 Dateien) (Registrierungsdatenbank-Schlüssel, nothing done)
HKEY_USERS\S-1-5-21-842925246-1177238915-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
Windows Explorer: [SBI $2026AFB6] User Assistant history IE (5 Dateien) (Registrierungsdatenbank-Schlüssel, nothing done)
HKEY_USERS\S-1-5-21-842925246-1177238915-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
Windows Explorer: [SBI $6107D172] User Assistant history files (24 Dateien) (Registrierungsdatenbank-Schlüssel, nothing done)
HKEY_USERS\S-1-5-21-842925246-1177238915-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
Windows Explorer: [SBI $B7EBA926] Last visited history (2 Dateien) (Registrierungsdatenbank-Schlüssel, nothing done)
HKEY_USERS\S-1-5-21-842925246-1177238915-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registrierungsdatenbank-Schlüssel, nothing done)
HKEY_USERS\S-1-5-21-842925246-1177238915-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2011-03-20 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-03-22 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-03-29 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-03-29 Includes\Malware.sbi (*)
2011-03-29 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-03-15 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2011-03-08 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-03-15 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti (*)
2010-12-28 Includes\Trojans.sbi (*)
2011-03-25 Includes\TrojansC-02.sbi (*)
2011-03-29 Includes\TrojansC-03.sbi (*)
2011-03-08 Includes\TrojansC-04.sbi (*)
2011-03-29 Includes\TrojansC-05.sbi (*)
2011-03-08 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
I look forward to any help that can be offered.
Thank you in advance. Regards
button.
to download the ESET Smart Installer. Save it to your desktop.
icon on your desktop.
button.
, and save the file to your desktop using a unique name, such as
button.
