Ex_Brit,
Thanks again. You're a great resource for us users and for McAfee/SiteAdvisor, and I hope they appreciate you. I know I do. Thanks for answering the questions I posted.
Thank you also, in advance, for bringing this up in Monday's conference call.
If McAfee developers/managers would like to contact me directly for diagnostics follow-up, I'll be glad to supply an email address & phone number if you can supply a way to send that privately, or I'll be glad to share the computer with them so they can look around.
For the purposes of your call, the folder C:\WINNT\Temp\SiteAdvisor was deleted by me after each instance, so it's being downloaded and re-created from somewhere at least. In addition to the aformentioned mcinst.exe file, I ran a dir of the other contents of that folder today before deleting it, piping it to a .txt file (the mcinst.exe file had been deleted when I made this, so is missing). The other contents of the folder were:
Directory of C:\WINNT\Temp\SiteAdvisor
06/13/2008 02:02 PM <DIR> .
06/13/2008 02:02 PM <DIR> ..
06/13/2008 02:02 PM 57,822 elist.cab
06/13/2008 02:02 PM 49,382 ffplg.cab
06/13/2008 02:02 PM 59,954 ieplg.cab
06/13/2008 02:02 PM 49,209 msacmain.cab
06/13/2008 02:02 PM 4,651 msacmain.inf
06/13/2008 02:02 PM 301,466 sac.cab
06/13/2008 02:02 PM 86,625 sachook.cab
06/13/2008 02:02 PM 62,889 sacimg.cab
06/13/2008 02:02 PM 87,272 sacomm.cab
06/13/2008 02:02 PM 470,118 sacore.cab
06/13/2008 02:02 PM 8,083 sacorinf.cab
06/13/2008 02:02 PM 64,873 sacres.cab
06/13/2008 02:02 PM 36,813 safeff.cab
06/13/2008 02:02 PM 58,392 safeie.cab
06/13/2008 02:02 PM 24,897 safelocalization.cab
06/13/2008 02:02 PM 6,746 subst.cab
06/13/2008 02:02 PM 2,638,621 ytb.cab
17 File(s) 4,067,813 bytes
2 Dir(s) 54,877,622,272 bytes free
I will attempt to report this to Kaspersky.
Regarding protected mode. I'm running the free version, and it's not included.
From the toolbar icon drop-down, today after reinstalling, I selected Get latest version to make sure. I'm told "You are running version 2.6.0.6261 of SiteAdvisor's plug-in. You are already using the latest version available. There is no need to re-install SiteAdvisor".
I will submit all this also to SiteAdvisor Feedback as you suggested.
Regarding Hijackthis. I'm not concerned at this point that I am infected. I am concerned rather that someting is trying to get in but is being stopped by Kaspersky.
The facts that I've confirmed that I'm running the currrent version, yet I've gotten the warning from Kaspersky twice; had the C:\WINNT\Temp\SiteAdvisor folder come back after deletion; and based on your answer that SA "dials home" for all information (which confirms it isn't downloading new definition files to my hard drive) is what's concerning me.
There appears to be no reason at all that SiteAdvisor would be trying to install anything.
FYI: One more site you may want to check out and add to your list of sites to post Hijackthis logs for help is
http://www.castlecops.com Excellent help there in their forums by trained technicians.
Thanks again,
Pat