File not found: PROCEXP151.SYS

    Question

  • I found this entry in the 'Services' section. I assume it has to do with Process Explorer 15.1

    Any idea what this file was/is used for and does Process Explorer need it to work properly or can I just delete it..? Thanks.
    Thursday, December 22, 2011 5:37 AM

All replies

  • When you run Process Explorer it extracts the driver file, loads it into memory and removes the file from the hard drive.
    You could delete the service entry for PROCEXP151.SYS but it would simply return when you run Process Explorer again.

    Richard S.
    Thursday, December 22, 2011 6:33 AM
  • When you run Process Explorer it extracts the driver file, loads it into memory and removes the file from the hard drive.
    You could delete the service entry for PROCEXP151.SYS but it would simply return when you run Process Explorer again.

    Richard S.

    Wouldn't it be better if Process Explorer removed the driver entry when closed? Other applications that make use of temporary drivers do this.
    Monday, December 26, 2011 6:24 AM
  • Greetings,

     

    I have a question/problem with "procexp.exe" and "PROCEXP151.SYS" in particular. This Forum thread seemed to be the only one dedicated to "PROCEXP151.SYS", so I chose to update this thread since it addresses my problem too.

     

    1. I replaced my 32-bit XP with a 64-bit Windows 7 PC about a month ago. I copied all of my scripts, tools, and utilities to the new PC.

    2. I put the copied procexp.exe (v15.05) in my Startup directory. It worked fine.

    3. I started using the SysInternal's autorunsc -M, -S, and -T to monitor changes to my start-up stuff. I use a script and a comparison utility to compare the new reports with "reference" reports.

    4. I put the script in my Startup directory and I have run the script manually numerous times for about two weeks. Everything was fine, until...

    5. Two days ago, I downloaded and installed the latest SysInternal tools, which included procexp.exe v15.11. I replaced v15.05 with it in my Startup directory.

    6. My comparison utility started detecting these additions to the autorunsc -S (Autostart services and non-disabled drivers) reports:

     

       PROCEXP151

         \??\C:\Windows\system32\Drivers\PROCEXP151.SYS

         File not found: C:\Windows\system32\Drivers\PROCEXP151.SYS

     

    7. I removed procexp.exe v15.11 from my Startup directory. I double-checked that it was removed, and I checked the "All Users" Startup directory which was empty.

    8. I Restarted my PC a few times and was still getting the error messages in the autorunsc -S reports after a PC Restart - with procexp.exe removed. I double-checked that it was not running.

    9. I put the procexp.exe v15.05 back in the Startup directory thinking it might clear up the condition that is causing the error messages - it didn't.

    10. I searched my Registry for "PROCEXP151.SYS" and found six. Three were the result of my investigation activities that have nothing to do with Startup. The other three are always in the Registry, AND their time-stamps are those of the most recent PC restart:

     

    1/3/2012 12:44:45 PM

    HKLM\SYSTEM\ControlSet001\services\PROCEXP151  ImagePath  REG_SZ  \??\C:\Windows\system32\Drivers\PROCEXP151.SYS  1/3/2012 12:44:45 PM  47
    HKLM\SYSTEM\ControlSet002\services\PROCEXP151  ImagePath  REG_SZ  \??\C:\Windows\system32\Drivers\PROCEXP151.SYS  1/3/2012 12:44:45 PM  47
    HKLM\SYSTEM\CurrentControlSet\services\PROCEXP151  ImagePath  REG_SZ  \??\C:\Windows\system32\Drivers\PROCEXP151.SYS  1/3/2012 12:44:45 PM  47

    1/3/2012 1:32:30 PM

    HKLM\SYSTEM\ControlSet001\services\PROCEXP151  ImagePath  REG_SZ  \??\C:\Windows\system32\Drivers\PROCEXP151.SYS  1/3/2012 1:32:30 PM  47
    HKLM\SYSTEM\ControlSet002\services\PROCEXP151  ImagePath  REG_SZ  \??\C:\Windows\system32\Drivers\PROCEXP151.SYS  1/3/2012 1:32:30 PM  47
    HKLM\SYSTEM\CurrentControlSet\services\PROCEXP151  ImagePath  REG_SZ  \??\C:\Windows\system32\Drivers\PROCEXP151.SYS  1/3/2012 1:32:30 PM  47

     

    11. There are no Event Log "procexe" entries for these PC Restarts.

     

    12. I waited a while after the last PC Restart and then manually started procexp.exe v15.11. The Process Explorer started normally. The Registry "PROCEXP151.SYS" entries were the same as the last PC Restart (1/3/2012 1:32:30 PM).

     

    Something is trying to use "PROCEXP151.SYS" - which is only created by, and used by, "procexp.exe" - even when "procexp.exe" is not being executed.

     

    Any help on what might be trying to use "PROCEXP151.SYS" would be greatly appreciated.

    Tuesday, January 3, 2012 4:38 PM
  • ? Look at the reply of redhawk. He already explained why you see those entries.
    Wednesday, January 4, 2012 10:58 AM
  • That's fine, except Redhawk wasn't distinguishing between procexp.exe v15.05 that didn't have those entries, and v15.11 that started the messages which continued even if v15.05 was executed instead. Furthermore, the messages appear even if procexp.exe ISN'T executed in the reboot (see my #7 and #8 and "it would simply return when you run Process Explorer again." from Redhawk's thread update).

     

    But, succinctness seems to be a Forum rule, so

    Wednesday, January 4, 2012 3:08 PM
  • I also stumbled onto this issue.  I agree with the previous poster that the driver should either remain on disk so as not to trigger 'file not found' errors, or the entry should be removed from the registry when ProcExp is shut down.
    Wednesday, January 4, 2012 7:57 PM
  • Also, Ryan_V didn't mention the "\??\C:\Windows\system32\Drivers\PROCEXP151.SYS" entry in the autoexpsc-S log and in the Registry. That's what I would consider to be
    Wednesday, January 4, 2012 9:49 PM
  • Look at the driver name and at the file version of ProcExp. Don't you see why it isn't shown with ProcExp 15.05? Is this sooooooo hard?
    Thursday, January 5, 2012 7:25 AM
  • Sorry, I didn't know this was an elementary school Forum.
     
    Have a nice day kiddies.
    Thursday, January 5, 2012 11:13 AM
  • Your issue was answered before you posted here. A bit of logical thinking is required to participate in a forum. I think it's better for you to leave this place and bash somewhere else.
    Thursday, January 5, 2012 12:32 PM
  • This is causing an issue with our backups.  When the System State backup runs, an error or exception is generated due to the system not being able to find PROCEXP151.SYS.

    It would be better if, as previously suggested, Process Explorer either leaves the PROCEXP151.SYS file on disk or removes the driver registration when it deletes the file.
    Monday, February 6, 2012 5:15 AM
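
The condition reported throughout this thread, a driver service entry whose ImagePath names a file that is no longer on disk, can be audited directly. The Python below is an added example, not code from any post or from Process Explorer; the service names other than PROCEXP151, the on-disk file set and the default C:\Windows system root are constructed for illustration.

```python
import ntpath
import os

NT_PREFIX = "\\??\\"                    # NT object-manager prefix seen in the thread
SYSTEMROOT_PREFIX = "\\systemroot\\"    # \SystemRoot\system32\... form
ENV_PREFIX = "%systemroot%"             # unexpanded environment-variable form


def normalize_image_path(raw, system_root=r"C:\Windows"):
    """Turn a driver service ImagePath value into a plain Win32 path."""
    path = raw.strip().strip('"')
    lowered = path.lower()
    if path.startswith(NT_PREFIX):
        path = path[len(NT_PREFIX):]
    elif lowered.startswith(SYSTEMROOT_PREFIX):
        path = ntpath.join(system_root, path[len(SYSTEMROOT_PREFIX):])
    elif lowered.startswith(ENV_PREFIX):
        path = system_root + path[len(ENV_PREFIX):]
    elif not ntpath.isabs(path):
        # Relative driver paths such as system32\drivers\x.sys
        # are resolved against the system root.
        path = ntpath.join(system_root, path)
    return ntpath.normpath(path)


def find_orphans(image_paths, exists=os.path.exists, system_root=r"C:\Windows"):
    """Return {service: resolved_path} for entries whose file is missing."""
    orphans = {}
    for service, raw in image_paths.items():
        resolved = normalize_image_path(raw, system_root)
        if not exists(resolved):
            orphans[service] = resolved
    return orphans


# Constructed sample: the PROCEXP151 value is the one quoted in the thread,
# the other two entries and the file set are invented for the example.
SAMPLE_IMAGE_PATHS = {
    "PROCEXP151": r"\??\C:\Windows\system32\Drivers\PROCEXP151.SYS",
    "ExampleDrvA": r"\SystemRoot\system32\drivers\exampledrva.sys",
    "ExampleDrvB": r"system32\drivers\exampledrvb.sys",
}
SAMPLE_FILES_ON_DISK = {
    r"c:\windows\system32\drivers\exampledrva.sys",
    r"c:\windows\system32\drivers\exampledrvb.sys",
}


def sample_exists(path):
    """Stand-in for os.path.exists; lowercases to mimic case-insensitive lookup."""
    return path.lower() in SAMPLE_FILES_ON_DISK
```

On a live host the dictionary would be filled from the ImagePath values under HKLM\SYSTEM\CurrentControlSet\services and the default os.path.exists check used; only driver entries are handled, since service ImagePath values for user-mode services can carry command-line arguments.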