Full Version: Question about SysInternals' Autoruns & ProcessExplorer
Malwarebytes Forum > Computer Help > PC Help
Marcus
This may sound like a really stupid question but where is the best place to put or base Autoruns and ProcessExplorer? I have just successfully removed (after about an hour of struggling) a most irritating plugin from the Bank of Brazil which hooks in to the winlogon process. It's the gbieh.dll and the GbpSv.exe files which have driven me mad doing that. And I'd only popped over there for a brief visit. Annoying thing was that it'd installed itself as a service without asking with automatic starting and all the options for manual/stopping/disabling all greyed out! Couldn't stop the thing as you can with other services. Such a well-mannered piece of software - NOT! A sloppy piece of software design in the name of banking security!

Those two programs have been a lifesaver for me tonight - and that wretched plugin was not even an infection!
I really do owe SysInternals much for those useful, nay, essential tools, not just for malware-fighting but for certain types of software troubleshooting too.

I just can't make up my mind where to run them from; do you keep them in their respective folders on your desktop (ie logged-on user's account) or perhaps on the root drive or is it better to put them in ProgramFiles?

Also when you update them do you prefer to uninstall them, reboot and then download the newer version or do you install over the version that you've got?

Too wordy tonight - just relieved I got rid of that waste of space!! The Bank of Brazil will not be getting my custom, that's for sure.
AdvancedSetup
I think everyone does things their own way. No real right or wrong method. Some users put them in the Windows folder (I myself don't like that method).
Some users put it in another folder that is in the path.

I prefer to do it something like this so that it remains clean and I can use any version I want or need to use.

ADMIN
--->SysInternals
------->AutoRuns
---------->v9.50
---------->v9.51
---------->v9.52
---------->v9.53
etc

----------->ProcessExplorer
-------------->vx
etc

Marcus
Thanks for your considered response, Advanced Setup; I'll give that some thought.

Methinks I need to look again at the tightness of my web browser; but considering I was just looking at that bank's homepage, this sort of plugin software behaviour can't do the bank's reputation any good.

NB. There is apparently a Vundo infection (likely to be several variants if it is Vundo) with the same or a very similar filename (to gbieh.dll) which is / has been causing trouble with users of Brazilian banks (not just the Bank of Brazil). I can't remember offhand how dated the information obtained from Sophos and other sources was but it can be Googled. Be careful out there!
exile360
Autoruns and ProcessExplorer (and pretty much all the rest of the SysInternals tools) are completely portable. The only thing they leave behind after running them are some registry entries, so you can overwrite an existing version with a newer version, delete the old one then grab the new one, or use the archival method as AdvancedSetup does it. Personally, I just have a folder with many utilities in it and Autoruns and ProcessExplorer have their own folders within that. I have a link to Autoruns pinned to my Start Menu for convenience since it's one of my all-time favorite tools. There is one nifty thing about those 2 particular SysInternals tools though: you can open a file that shows up in Autoruns directly in ProcessExplorer if the two are stored in the same folder.
Marcus
Aha! I thought there was some sort of relationship between those two. There's a Process Explorer entry in Autoruns in the context menu and if clicked on you get an "error-type" message to the effect that "Proc Exp is not in the path". Odd wording, that, in my opinion, but then this is Microsoft talking here.

Is there any benefit from having older versions of those two programs - indeed anybody know where you can get them?

Thanks for expanding on that, exile

I've put them both in their own folders in Program Files - will probably change that; access to them is unnecessarily long and of course, as you say, exile, they can't "see" each other that way. Not good. Will have to change it in a moment or two.
exile360
Yes, keeping them somewhere besides Program Files would be better for quick access, as well as moving them to a location that does not require administrative privileges to write to (although if you're on XP you'd seldom notice the difference).
exile360
I have a correction, it doesn't matter where ProcessExplorer is stored as long as it's running, you can use the right-click Process Explorer entry in Autoruns:
QUOTE
If Process Explorer is running and there is an active process executing the selected executable then the Process Explorer menu item in the Entry menu will open the process properties dialog box for the process executing the selected image.
From here (look under Usage).
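As an added example (not from the thread or from Sysinternals), the following PowerShell function checks the three conditions discussed above: whether procexp.exe resolves through PATH, whether it sits beside autoruns.exe in the same folder, and whether a Process Explorer instance is already running; it also lists the per-tool keys the portable tools leave under HKCU:\Software\Sysinternals. The folder path C:\ADMIN\SysInternals and the executable names autoruns.exe / procexp.exe are assumptions.

```powershell
# Added example, not part of the forum thread or of the Sysinternals tools.
# Assumes the standard executable names autoruns.exe and procexp.exe.

function Test-SysinternalsLayout {
    param(
        # Folder where you keep the tools (assumed layout); defaults to the current directory.
        [string]$ToolDir = (Get-Location).Path
    )

    $result = [ordered]@{}

    # Autoruns reports "not in the path" when it cannot resolve procexp.exe the way
    # the shell would, so check PATH resolution first.
    $resolved = Get-Command -Name 'procexp.exe' -ErrorAction SilentlyContinue
    $result.ProcExpInPath       = [bool]$resolved
    $result.ProcExpPathLocation = if ($resolved) { $resolved.Source } else { $null }

    # Keeping both executables in one folder also satisfies Autoruns.
    $result.SameFolder = (Test-Path (Join-Path $ToolDir 'autoruns.exe')) -and
                         (Test-Path (Join-Path $ToolDir 'procexp.exe'))

    # A running Process Explorer is enough regardless of where it is stored.
    $result.ProcExpRunning = [bool](Get-Process -Name 'procexp', 'procexp64' -ErrorAction SilentlyContinue)

    # The tools record EULA acceptance and settings under HKCU:\Software\Sysinternals;
    # list those keys so you know what to clean up after a troubleshooting session.
    $regRoot = 'HKCU:\Software\Sysinternals'
    $result.RegistryResidue = if (Test-Path $regRoot) {
        (Get-ChildItem -Path $regRoot).PSChildName
    } else {
        @()
    }

    [pscustomobject]$result
}

# Assumed location following AdvancedSetup's folder layout.
Test-SysinternalsLayout -ToolDir 'C:\ADMIN\SysInternals'
```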
Marcus
QUOTE (exile360 @ Oct 28 2009, 12:22 AM)
I have a correction, it doesn't matter where ProcessExplorer is stored as long as it's running, you can use the right-click Process Explorer entry in Autoruns: From here (look under Usage).


Noted, with thanks, and will read it later when I get in.