You are absolutely correct about any sort of "involvement". I think I'm just feeling a lack of conversation and brainstorming. I thought I had made it sort of clear that I wanted to be more involved in the process. It's hard just waiting and not running the purely diagnostic tools that might answer my questions.
Yes, that's the file I meant. I took it as a sign that it might be moving itself around like Klez did with random file names. The ink desktop observation is interesting - as we have tablets, I thought of it as likely ordinary. That would be a great place to hide, though.
I like puzzles and problems. Though I can get quite interested in my husband's race car work, he just can't quite get interested in my computer stuff, and my geek son moved out. I wish my helper would just ask me to run some scanning/info tools and talk to me. If I could find some how-it-works info on the tools, I would be tempted to do it myself. But then, my malware experience is 10 years old. LOL.
Thank you for the rootkit scanners. I keep eying my own laptop with great suspicion since transferring those nasty files.
I would love it if I had the option in Comodo to display domains instead of IP addresses, and then right click and say "block this domain". That would be great. I also wish Comodo would tell me which dll's and/or services are using each svchost like Process Explorer does. Heck, I wish I could find a programmer to design a firewall to my user interface requests. I think the ones that know enough to do it forget what the users don't know and might like to know. Hey, it could even look up the port assignments reserved with IANA (I think it was) that I found recently. Then if svchost - sub _qbot.dll was accessing private network via a port assigned to Outlook, I would think even an average person might say, "Hey, cut that out!" and block it. Meanwhile, I'm looking everything up and going, OK, OK. It's nuts!