BillDL
asked on
Can somebody please explain this registry value
Here's an exported .reg file from my Win98se system.
REGEDIT4
[HKEY_LOCAL_MACHINE\System \CurrentCo ntrolSet\C ontrol\Shu tdown]
"FastReboot"="0"
"SetupProgramRan"=dword:00 000002
[HKEY_LOCAL_MACHINE\System \CurrentCo ntrolSet\C ontrol\Shu tdown\Excl usionList]
"DVP"=""
"NAVEX"=""
I know what the "FastReboot" entry is, but I was wondering if somebody knows precicely how the other values are used by the system. I don't have any shutdown hangs, so this is a query rather than looking to resolve a problem.
NAVEX seems to relate to my Norton AntiVirus. I have a bunch of NAVEX32a.VXD, .SYS and .DLL files, and also a lot of NAVEX15. vxd, definition files, sys files, and vxd's, but none named NAVEX.whatever. I assume it's a generic process name.
I have a sub-key named NAVEX15.EXP in the key:
HKEY_LOCAL_MACHINE\Softwar e\Symantec \Norton Rescue\Basic Rescue\{D3168B01-3A45-11D3 -A043-0010 5ACD6E0E}\ {18FE0D44- FDAA-11D8- BC95-853A4 93F740C}\I tems\{D316 8938-3A45- 11D3-A043- 00105ACD6E 0E}\ with the {default) StringValue set to "-2", but that is all.
The only file I have named "DVP" is a C source code header file DVP.H, and that's amongst program backups on another drive. There are no other instances of DVP in my registry.
So, what action do the entries in the key ...\ExclusionList actually have on my system, or are they overridden by the FastReboot=0 value? Would they have been processes forced to remain open until shutdown?
Also, what is the significance of the DWORD Value named "SetupProgramRan" and why is it set to 2?
I've searched google extensively and, while there are a lot of hits explaining that you can delete the NAVEX value to stop screen hangs at shutdown, none of them have actually explained how it works. Some Anti Virus and Pest-related sites also tell you to delete "SetProgramRan", but they don't explain why.
I'm full of ideas and guesses, but I need someone who knows for certain about this to explain it or point me to a good url that does.
Thanks
Bill
REGEDIT4
[HKEY_LOCAL_MACHINE\System
"FastReboot"="0"
"SetupProgramRan"=dword:00
[HKEY_LOCAL_MACHINE\System
"DVP"=""
"NAVEX"=""
I know what the "FastReboot" entry is, but I was wondering if somebody knows precicely how the other values are used by the system. I don't have any shutdown hangs, so this is a query rather than looking to resolve a problem.
NAVEX seems to relate to my Norton AntiVirus. I have a bunch of NAVEX32a.VXD, .SYS and .DLL files, and also a lot of NAVEX15. vxd, definition files, sys files, and vxd's, but none named NAVEX.whatever. I assume it's a generic process name.
I have a sub-key named NAVEX15.EXP in the key:
HKEY_LOCAL_MACHINE\Softwar
The only file I have named "DVP" is a C source code header file DVP.H, and that's amongst program backups on another drive. There are no other instances of DVP in my registry.
So, what action do the entries in the key ...\ExclusionList actually have on my system, or are they overridden by the FastReboot=0 value? Would they have been processes forced to remain open until shutdown?
Also, what is the significance of the DWORD Value named "SetupProgramRan" and why is it set to 2?
I've searched google extensively and, while there are a lot of hits explaining that you can delete the NAVEX value to stop screen hangs at shutdown, none of them have actually explained how it works. Some Anti Virus and Pest-related sites also tell you to delete "SetProgramRan", but they don't explain why.
I'm full of ideas and guesses, but I need someone who knows for certain about this to explain it or point me to a good url that does.
Thanks
Bill
ASKER
Whoops, I said 500, didn't I, in which case I think that's the max I can give.
I've been waiting for an answer also. I don't have a clue, but am interested. Looks like you might have stumped us. : )
ASKER
Oh, don't say that. Surely nobody on this earth could stump the team at Experts-Exchange :-)
Maybe Windows programmers might be in a better position to hazard some educated guesses.
Oh, well. I'll hang in here for a few days and see if anyone is attracted by the "500 point" comment in Community Support.
Maybe Windows programmers might be in a better position to hazard some educated guesses.
Oh, well. I'll hang in here for a few days and see if anyone is attracted by the "500 point" comment in Community Support.
You've got me, I've deleted the NAVDX key a few times, but have never been able to figure out exactly what everything in there does. Google has provided little.
ASKER
Thanks for checking in here Sootah. I'm glad I'm not the only one who has rooted around in that key and tested to see what deleting the key actually does. Nothing, as far as I can determine, but why is it there? Strange that google didn't come up with an answer at the time, but I see one that I'm sure didn't show before:
http://www.techadvice.com/w98/S/Shutdown.htm
It appears that, because I have never experienced shutdown issues, that this registry entry NAVEX has had no significance.
The DVP entry seems to go hand-in-hand with the various hits, like this german page translated in google:
http://translate.google.com/translate?hl=en&sl=de&u=http://www.pcwelt.de/forum/archive/index.php/t-129781.html&prev=/search%3Fq%3DHKEY_LOCAL_MACHINE%255CSystem%255CCurrentControlSet%255CControl%255CShutdown%255CExclusionList%2BDVP%26hl%3Den%26lr%3D%26ie%3DUTF-8%26safe%3Doff%26sa%3DG
I love the final feedback message:
"rear most turbo, best one thanks, will try it out equal tomorrow, because I do not have this system momentarily locally, nevertheless, best one thanks already times first, here one am unfortunately helped, can only sagen,,, "continue to make really very fast sooo" ""
genuinly super...;))"
In fact, "turbo" refers to the person who posted the previous comment, it wasn't anything to do with a natural wind problem ;-)
One disturbing hit on google (while searching the "SetupProgramRan" DWord) relates to spyware (FreeScratchAndWin and, and suggests deleting the "Dword" entry.
http://www.doxdesk.com/parasite/FreeScratchAndWin.html
This page indicates that A Spyware remover finds the entry, allows removal, but it is then reinstated:
http://www.buriedtruth.com/spysoftware/spynews/spyware-newgroup-archive/spyware-newgroup-archive-p-1123.html
And again a .reg file of changes made when an "Application Launcher" seemingly named "timwin.exe", and "Blitzrechnen 1+2" were installed:
http://www.leu.bw.schule.de/allg/son/tim3/tim3reg.txt
http://www.leu.bw.schule.de/allg/son/blitz12/blitzreg.txt
The installation of Adobe Acrobat viewer appears to have changed the value of "SetupProgramRan" from 1 to 2 this person's registry:
http://www.multingles.net/docs/mic_ar4.htm
The only thing I can think is that it relates to the last software installed.
Who knows, but I will just wait this out and see if anyone else has any solid knowledge of this.
http://www.techadvice.com/w98/S/Shutdown.htm
It appears that, because I have never experienced shutdown issues, that this registry entry NAVEX has had no significance.
The DVP entry seems to go hand-in-hand with the various hits, like this german page translated in google:
http://translate.google.com/translate?hl=en&sl=de&u=http://www.pcwelt.de/forum/archive/index.php/t-129781.html&prev=/search%3Fq%3DHKEY_LOCAL_MACHINE%255CSystem%255CCurrentControlSet%255CControl%255CShutdown%255CExclusionList%2BDVP%26hl%3Den%26lr%3D%26ie%3DUTF-8%26safe%3Doff%26sa%3DG
I love the final feedback message:
"rear most turbo, best one thanks, will try it out equal tomorrow, because I do not have this system momentarily locally, nevertheless, best one thanks already times first, here one am unfortunately helped, can only sagen,,, "continue to make really very fast sooo" ""
genuinly super...;))"
In fact, "turbo" refers to the person who posted the previous comment, it wasn't anything to do with a natural wind problem ;-)
One disturbing hit on google (while searching the "SetupProgramRan" DWord) relates to spyware (FreeScratchAndWin and, and suggests deleting the "Dword" entry.
http://www.doxdesk.com/parasite/FreeScratchAndWin.html
This page indicates that A Spyware remover finds the entry, allows removal, but it is then reinstated:
http://www.buriedtruth.com/spysoftware/spynews/spyware-newgroup-archive/spyware-newgroup-archive-p-1123.html
And again a .reg file of changes made when an "Application Launcher" seemingly named "timwin.exe", and "Blitzrechnen 1+2" were installed:
http://www.leu.bw.schule.de/allg/son/tim3/tim3reg.txt
http://www.leu.bw.schule.de/allg/son/blitz12/blitzreg.txt
The installation of Adobe Acrobat viewer appears to have changed the value of "SetupProgramRan" from 1 to 2 this person's registry:
http://www.multingles.net/docs/mic_ar4.htm
The only thing I can think is that it relates to the last software installed.
Who knows, but I will just wait this out and see if anyone else has any solid knowledge of this.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for your interest, BeastofBodmin. Yes, after finding this key while browsing (yes, I know it's sad, I have been known to "browse" the registry :-), those were the kind of pages that kept coming up in my google searches.
That's really what made my question a little more than just curiosity. I wondered why spyware, etc, would be using that key, and why legitimate programs would also be listed there.
The annoying thing about ALL of those pages is that NONE of them actually explain WHY they suggest deleting the key. Perhaps they found out by accident that it does something beneficial, but they don't know what it does either.
Strange that your system doesn't have this key at all though. It MUST be one created by only a handful of programs that specifically need to use this entry, and there would be no sense in it persisting if it only had a "one time" use. My feeling is that it is more significant than mere registry clutter.
I believe that your idea is the best explanation and goes in parallel with what I have been thinking. A "validation check" of sorts.
Consider this:
You run the installer program for Norton AntiVirus, and during the process it needs to reboot the system to write settings to the registry (or to create an entry in the "RunOnce" key that it must catch on the reboot for it to work).
IF "FastReboot" was ENABLED (ie. set to 1 instead of 0), then this might be detrimental to the installation process. It therefore lists the named program as an EXCLUSION to the rule set by the "FastReboot" entry.
By changing the value of the "SetupProgramRan" just before the system reboots, it thus recognises that the restart was mid-way through an install and tells it NOT to perform a "Fast Shutdown".
Perhaps it is also a way of storing an instruction that is READ at STARTUP in the event that the system is shut down rather than restarted. On most occasions, if the system was mid-way through an install and it was shut down, you would tend to think that this would "break the process" and lead to an aborted install. EXCEPT where, when the computer is powered up the next time, the registry tells the system that there had been an installation in progress, and to finish the process.
This notion is made slightly more credible by the fact that the only NAVEX*.* files on my system are navex??.vxd, .dll, and .sys files that reside in the folder where the virus definitions are stored for use by Norton AntiVirus. With MY version, virus definitions are INSTALLED by Norton AntiVirus using what they refer to as the "Intelligent Updater", and the computer needs a reboot before that definition is loaded by NAV.
An embellishment to this train of thought is that Norton AntiVirus intercepts a virus as a file is accessed and needs to try and fix or delete the file. If the file was in use, then this is often impossible unless the file is unloaded from memory. Assuming that this interception was made while something malicious was trying to INSTALL whatever payload it normally delivers, then this might be important if part of that process caused a forced reboot. By detecting that this was a "setup" program by means of the change to the "SetupProgramRan" value, then a "Fast Reboot" might not allow NAV to fully unload the file from memory and fix/delete it. So, by making this an exception, the system is forced to perform a more standard shutdown and restart where all the running processes that cause shutdown problems in Win98SE can be fully offloaded and fixed.
A good theory, or just too much thinking time on my hands???
That's really what made my question a little more than just curiosity. I wondered why spyware, etc, would be using that key, and why legitimate programs would also be listed there.
The annoying thing about ALL of those pages is that NONE of them actually explain WHY they suggest deleting the key. Perhaps they found out by accident that it does something beneficial, but they don't know what it does either.
Strange that your system doesn't have this key at all though. It MUST be one created by only a handful of programs that specifically need to use this entry, and there would be no sense in it persisting if it only had a "one time" use. My feeling is that it is more significant than mere registry clutter.
I believe that your idea is the best explanation and goes in parallel with what I have been thinking. A "validation check" of sorts.
Consider this:
You run the installer program for Norton AntiVirus, and during the process it needs to reboot the system to write settings to the registry (or to create an entry in the "RunOnce" key that it must catch on the reboot for it to work).
IF "FastReboot" was ENABLED (ie. set to 1 instead of 0), then this might be detrimental to the installation process. It therefore lists the named program as an EXCLUSION to the rule set by the "FastReboot" entry.
By changing the value of the "SetupProgramRan" just before the system reboots, it thus recognises that the restart was mid-way through an install and tells it NOT to perform a "Fast Shutdown".
Perhaps it is also a way of storing an instruction that is READ at STARTUP in the event that the system is shut down rather than restarted. On most occasions, if the system was mid-way through an install and it was shut down, you would tend to think that this would "break the process" and lead to an aborted install. EXCEPT where, when the computer is powered up the next time, the registry tells the system that there had been an installation in progress, and to finish the process.
This notion is made slightly more credible by the fact that the only NAVEX*.* files on my system are navex??.vxd, .dll, and .sys files that reside in the folder where the virus definitions are stored for use by Norton AntiVirus. With MY version, virus definitions are INSTALLED by Norton AntiVirus using what they refer to as the "Intelligent Updater", and the computer needs a reboot before that definition is loaded by NAV.
An embellishment to this train of thought is that Norton AntiVirus intercepts a virus as a file is accessed and needs to try and fix or delete the file. If the file was in use, then this is often impossible unless the file is unloaded from memory. Assuming that this interception was made while something malicious was trying to INSTALL whatever payload it normally delivers, then this might be important if part of that process caused a forced reboot. By detecting that this was a "setup" program by means of the change to the "SetupProgramRan" value, then a "Fast Reboot" might not allow NAV to fully unload the file from memory and fix/delete it. So, by making this an exception, the system is forced to perform a more standard shutdown and restart where all the running processes that cause shutdown problems in Win98SE can be fully offloaded and fixed.
A good theory, or just too much thinking time on my hands???
ASKER
But what the hell is DVP then ?? As I said earlier on, no DVP*.* files reside on my computer apart from one.
dvp.h
DirectDrawVideoPort include (header) file used by Borland's C++ 5.5 free command line C and C++ compiler that I haven't used on this computer since it was last formatted, and the file is amongst my backup programs on a partition anyway.
dvp.h
DirectDrawVideoPort include (header) file used by Borland's C++ 5.5 free command line C and C++ compiler that I haven't used on this computer since it was last formatted, and the file is amongst my backup programs on a partition anyway.
BillDL,
Take a look at the following link :
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncenet/html/cetk.asp
DVP stands for Driver Validation Program.
Take a look at the following link :
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncenet/html/cetk.asp
DVP stands for Driver Validation Program.
ASKER
Thanks for your interest, paraghs. It's an interesting page, and an equally interesting theory, but I cannot see how it would be related to my setup.
The page centres on a discussion about the "Windows CE .NET Test Kit (CETK)" intended to test embedded devices and drivers based on Windows CE .NET. The "Driver Validation Program" (DVP) provides developers, Hardware Vendors, etc the opportunity to validate their drivers for use with Windows CE .NET operating systems.
Unfortunately this has no relation to anything I have done with this computer. The nearest it has ever come to Windows CE was an iPaq PocketPC connected via usb and synchronised with ActiveSync. No programming or testing involved, unless there is some automated testing of drivers at the client side performed by Windows 98 to allow the interface, but I can't understand a singular mention of DVP in the registry or system files.
Apart from that, the ipaq hasn't been connected, and interface software not installed, since I last formatted.
The DVP Acronym derivation (Driver Verification Program) is something that I will search for and see what I can dig up though.
Thanks for that info.
The page centres on a discussion about the "Windows CE .NET Test Kit (CETK)" intended to test embedded devices and drivers based on Windows CE .NET. The "Driver Validation Program" (DVP) provides developers, Hardware Vendors, etc the opportunity to validate their drivers for use with Windows CE .NET operating systems.
Unfortunately this has no relation to anything I have done with this computer. The nearest it has ever come to Windows CE was an iPaq PocketPC connected via usb and synchronised with ActiveSync. No programming or testing involved, unless there is some automated testing of drivers at the client side performed by Windows 98 to allow the interface, but I can't understand a singular mention of DVP in the registry or system files.
Apart from that, the ipaq hasn't been connected, and interface software not installed, since I last formatted.
The DVP Acronym derivation (Driver Verification Program) is something that I will search for and see what I can dig up though.
Thanks for that info.
ASKER
If this is indeed some type of driver verification routine, perhaps the fact that it is an "excusion" from fast shutdown is something intended to retain drivers in memory during a fast reboot, which otherwise might miss out on being re-initialized at the very first stages of boot. A wild guess?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I think that the combination of gueses is probably pretty close to the truth here, and probably as close as we'll ever get.
I am going to split points here because of the 2 part nature of the question which has been addressed by both of you.
Thank you for your input.
Bill
I am going to split points here because of the 2 part nature of the question which has been addressed by both of you.
Thank you for your input.
Bill
Thanks Bill.
ASKER