Sysinternals Homepage
Forum Home Forum Home > Sysinternals Utilities > Autoruns
  New Posts New Posts RSS Feed - File not found: PROCEXP151.SYS
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

File not found: PROCEXP151.SYS

 Post Reply Post Reply Page  12>
Author
Message
Ryan_V View Drop Down
Newbie
Newbie


Joined: 22 December 2011
Status: Offline
Points: 2
Post Options Post Options   Thanks (0) Thanks(0)   Quote Ryan_V Quote  Post ReplyReply Direct Link To This Post Topic: File not found: PROCEXP151.SYS
    Posted: 22 December 2011 at 1:37pm
I found this entry in the 'Services' section. I assume it has to do with Process Explorer 15.1

Any idea what this file was/is used for and does Process Explorer need it to work properly or can I just delete it..? Thanks.
Back to Top
redhawk View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 14 September 2005
Location: United Kingdom
Status: Offline
Points: 1357
Post Options Post Options   Thanks (0) Thanks(0)   Quote redhawk Quote  Post ReplyReply Direct Link To This Post Posted: 22 December 2011 at 2:33pm
When you run Process Explorer it extracts the driver file, loads it into memory and removes the file from the hard drive.
You could delete the service entry for PROCEXP151.SYS but it would simply return when you run Process Explorer again.

Richard S.
Back to Top
david.lynch View Drop Down
Newbie
Newbie
Avatar

Joined: 10 February 2010
Status: Offline
Points: 17
Post Options Post Options   Thanks (0) Thanks(0)   Quote david.lynch Quote  Post ReplyReply Direct Link To This Post Posted: 26 December 2011 at 2:24pm
Originally posted by redhawk redhawk wrote:

When you run Process Explorer it extracts the driver file, loads it into memory and removes the file from the hard drive.
You could delete the service entry for PROCEXP151.SYS but it would simply return when you run Process Explorer again.

Richard S.

Wouldn't be better if Process Explorer removes the driver entry when closed? Other applications that makes use of temporary drivers do this.
Back to Top
siuser View Drop Down
Newbie
Newbie
Avatar

Joined: 03 January 2012
Status: Offline
Points: 4
Post Options Post Options   Thanks (0) Thanks(0)   Quote siuser Quote  Post ReplyReply Direct Link To This Post Posted: 04 January 2012 at 12:38am

Greetings,

 

I have a question/problem with "procexp.exe" and "PROCEXP151.SYS" in particular. This Forum thread seemed to be the only one dedicated to "PROCEXP151.SYS", so I chose to update this thread since it addresses my problem too.

 

1. I replaced my 32-bit XP with a 64-bit Windows 7 PC about a month ago. I copied all of my scripts, tools, and utilities to the new PC.

2 . I put the copied procexp.exe (v15.05) in my Startup directory. It worked fine.

3. I started using the SysInternal's autorunsc -M, -S, and -T to monitor changes to my start-up stuff. I use a script and a comparison utility to compare the new reports with "reference" reports.

4. I put the script in my Startup directory and I have run the script manually numerous times for about two weeks. Everything was fine, until...

5. Two days ago, I downloaded and installed the latest SysInternal tools, which included procexp.exe v15.11. I replaced v15.05 with it in my Startup directory.

6. My comparison utility started detecting these additions to the autorunsc -S (Autostart services and non-disabled drivers) reports:

 

   PROCEXP151

     \??\C:\Windows\system32\Drivers\PROCEXP151.SYS

     File not found: C:\Windows\system32\Drivers\PROCEXP151.SYS

 

7. I removed procexp.exe v15.11 from my Startup directory. I double-checked that it was removed, and I checked the "All Users" Startup directory which was empty.

8. I Restarted my PC a few times and was still getting the error messages in the autorunsc -S reports after a PC Restart - with procexp.exe removed. I double-checked that it was not running.

9. I put the procexp.exe v15.05 back in the Startup directory thinking it might clear up the condition that is causing the error messages - it didn't.

10. I searched my Registry for "PROCEXP151.SYS" and found six. Three were the result of my investigation activities that have nothing to do with Startup. The other three are always in the Registry, AND their time-stamps are those of the most recent PC restart:

 

1/3/2012 12:44:45 PM

HKLM\SYSTEM\ControlSet001\services\PROCEXP151     ImagePath          REG_SZ                \??\C:\Windows\system32\Drivers\PROCEXP151.SYS           1/3/2012 12:44:45 PM    47          

HKLM\SYSTEM\ControlSet002\services\PROCEXP151     ImagePath          REG_SZ                \??\C:\Windows\system32\Drivers\PROCEXP151.SYS           1/3/2012 12:44:45 PM    47          

HKLM\SYSTEM\CurrentControlSet\services\PROCEXP151            ImagePath          REG_SZ                \??\C:\Windows\system32\Drivers\PROCEXP151.SYS           1/3/2012 12:44:45 PM    47          

 

1/3/2012 1:32:30 PM

HKLM\SYSTEM\ControlSet001\services\PROCEXP151     ImagePath          REG_SZ                \??\C:\Windows\system32\Drivers\PROCEXP151.SYS           1/3/2012 1:32:30 PM       47          

HKLM\SYSTEM\ControlSet002\services\PROCEXP151     ImagePath          REG_SZ                \??\C:\Windows\system32\Drivers\PROCEXP151.SYS           1/3/2012 1:32:30 PM       47          

HKLM\SYSTEM\CurrentControlSet\services\PROCEXP151            ImagePath          REG_SZ                \??\C:\Windows\system32\Drivers\PROCEXP151.SYS           1/3/2012 1:32:30 PM       47          

 

11. There are no Event Log "procexe" entries for these PC Restarts.

 

12. I waited awhile after the last PC Restart and then manually started procexe.exe v15.11. The Process Explorer started normally. The Registry "PROCEXP151.SYS" entries were the same as the last PC Restart (1/3/2012 1:32:30 PM).

 

Something is trying to use "PROCEXP151.SYS" - which is only created by, and used by, "procexp.exe" - even when "procexp.exe" is not being executed.

 

Any help on what might be trying to use "PROCEXP151.SYS" would be greatly appreciated.

Back to Top
MagicAndre1981 View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 08 January 2007
Location: Germany
Status: Offline
Points: 1894
Post Options Post Options   Thanks (0) Thanks(0)   Quote MagicAndre1981 Quote  Post ReplyReply Direct Link To This Post Posted: 04 January 2012 at 6:58pm
? Look at the replay of redhawk . He already explained why you see those entries.
Back to Top
siuser View Drop Down
Newbie
Newbie
Avatar

Joined: 03 January 2012
Status: Offline
Points: 4
Post Options Post Options   Thanks (0) Thanks(0)   Quote siuser Quote  Post ReplyReply Direct Link To This Post Posted: 04 January 2012 at 11:08pm

That's fine, except Redhawk wasn't distinguishing between procexp.exe v15.05 that didn’t have those entries, and v15.11 that started the messages which continued even if v15.05 was executed instead. Furthermore, the messages appear even if procexp.exe ISN'T executed in the reboot (see my #7 and #8  and "it would simply return when you run Process Explorer again.
" from Redhawk's thread update).

 

But, succinctness seems to be a Forum rule, so

Back to Top
luckman212 View Drop Down
Groupie
Groupie


Joined: 21 December 2005
Status: Offline
Points: 51
Post Options Post Options   Thanks (0) Thanks(0)   Quote luckman212 Quote  Post ReplyReply Direct Link To This Post Posted: 05 January 2012 at 3:57am
I also stumbled onto this issue.  I agree with the previous poster that the driver should either remain on disk so as not to trigger 'file not found' errors, or the entry should be removed from the registry when ProcExp is shut down.
Back to Top
siuser View Drop Down
Newbie
Newbie
Avatar

Joined: 03 January 2012
Status: Offline
Points: 4
Post Options Post Options   Thanks (0) Thanks(0)   Quote siuser Quote  Post ReplyReply Direct Link To This Post Posted: 05 January 2012 at 5:49am
Also, Ryan_V didn't mention the "\??\C:\Windows\system32\Drivers\PROCEXP151.SYS" entry in the autoexpsc-S log and in the Registry. That's what I would consider to be
Back to Top
MagicAndre1981 View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 08 January 2007
Location: Germany
Status: Offline
Points: 1894
Post Options Post Options   Thanks (0) Thanks(0)   Quote MagicAndre1981 Quote  Post ReplyReply Direct Link To This Post Posted: 05 January 2012 at 3:25pm
look at the drivername and at the file version of ProcExp. Don't you see why it isn't shown with ProcExp 15.05? is this sooooooo hard?
Back to Top
siuser View Drop Down
Newbie
Newbie
Avatar

Joined: 03 January 2012
Status: Offline
Points: 4
Post Options Post Options   Thanks (0) Thanks(0)   Quote siuser Quote  Post ReplyReply Direct Link To This Post Posted: 05 January 2012 at 7:13pm
Sorry, I didn't know this was an elementary school Forum.
 
Have a nice day kiddies.
Back to Top
 Post Reply Post Reply Page  12>
  Share Topic   

Forum Jump Forum Permissions View Drop Down