Solved

Can somebody please explain this registry value

Posted on 2004-09-24
15
726 Views
Last Modified: 2013-12-29
Here's an exported .reg file from my Win98se system.

REGEDIT4

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Shutdown]
"FastReboot"="0"
"SetupProgramRan"=dword:00000002

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Shutdown\ExclusionList]
"DVP"=""
"NAVEX"=""

I know what the "FastReboot" entry is, but I was wondering if somebody knows precicely how the other values are used by the system.  I don't have any shutdown hangs, so this is a query rather than looking to resolve a problem.

NAVEX seems to relate to my Norton AntiVirus.  I have a bunch of NAVEX32a.VXD, .SYS and .DLL files, and also a lot of NAVEX15. vxd, definition files, sys files, and vxd's, but none named NAVEX.whatever.  I assume it's a generic process name.

I have a sub-key named NAVEX15.EXP in the key:

HKEY_LOCAL_MACHINE\Software\Symantec\Norton Rescue\Basic Rescue\{D3168B01-3A45-11D3-A043-00105ACD6E0E}\{18FE0D44-FDAA-11D8-BC95-853A493F740C}\Items\{D3168938-3A45-11D3-A043-00105ACD6E0E}\  with the {default) StringValue set to "-2", but that is all.

The only file I have named "DVP" is a C source code header file DVP.H, and that's amongst program backups on another drive.  There are no other instances of DVP in my registry.

So, what action do the entries in the key ...\ExclusionList actually have on my system, or are they overridden by the FastReboot=0 value?  Would they have been processes forced to remain open until shutdown?

Also, what is the significance of the DWORD Value named "SetupProgramRan" and why is it set to 2?

I've searched google extensively and, while there are a lot of hits explaining that you can delete the NAVEX value to stop screen hangs at shutdown, none of them have actually explained how it works.  Some Anti Virus and Pest-related sites also tell you to delete "SetProgramRan", but they don't explain why.

I'm full of ideas and guesses, but I need someone who knows for certain about this to explain it or point me to a good url that does.

Thanks
Bill
0
Comment
Question by:BillDL
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
15 Comments
 
LVL 38

Author Comment

by:BillDL
ID: 12273675
Because of the lack of response to this question, I have increased the points to 500 in case experts are hesitant to research it for a measly 125 points.  This can easily be increased again if that is the stumbling block.  I would have thought that this was something you either knew or didn't know, which could well be the reason for lack of response  :-)  Surely some of our highly experienced experts must know this one?
0
 
LVL 38

Author Comment

by:BillDL
ID: 12273676
Whoops, I said 500, didn't I, in which case I think that's the max I can give.
0
 
LVL 32

Expert Comment

by:_
ID: 12273832
I've been waiting for an answer also. I don't have a clue, but am interested. Looks like you might have stumped us.    : )
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 38

Author Comment

by:BillDL
ID: 12274083
Oh, don't say that.  Surely nobody on this earth could stump the team at Experts-Exchange  :-)

Maybe Windows programmers might be in a better position to hazard some educated guesses.

Oh, well.  I'll hang in here for a few days and see if anyone is attracted by the "500 point" comment in Community Support.
0
 
LVL 2

Expert Comment

by:Sootah
ID: 12279556
You've got me, I've deleted the NAVDX key a few times, but have never been able to figure out exactly what everything in there does. Google has provided little.
0
 
LVL 38

Author Comment

by:BillDL
ID: 12283439
Thanks for checking in here Sootah.  I'm glad I'm not the only one who has rooted around in that key and tested to see what deleting the key actually does.  Nothing, as far as I can determine, but why is it there?  Strange that google didn't come up with an answer at the time, but I see one that I'm sure didn't show before:

http://www.techadvice.com/w98/S/Shutdown.htm

It appears that, because I have never experienced shutdown issues, that this registry entry NAVEX has had no significance.

The DVP entry seems to go hand-in-hand with the various hits, like this german page translated in google:

http://translate.google.com/translate?hl=en&sl=de&u=http://www.pcwelt.de/forum/archive/index.php/t-129781.html&prev=/search%3Fq%3DHKEY_LOCAL_MACHINE%255CSystem%255CCurrentControlSet%255CControl%255CShutdown%255CExclusionList%2BDVP%26hl%3Den%26lr%3D%26ie%3DUTF-8%26safe%3Doff%26sa%3DG

I love the final feedback message:

"rear most turbo, best one thanks, will try it out equal tomorrow, because I do not have this system momentarily locally, nevertheless, best one thanks already times first, here one am unfortunately helped, can only sagen,,, "continue to make really very fast sooo" ""
genuinly super...;))"

In fact, "turbo" refers to the person who posted the previous comment, it wasn't anything to do with a natural wind problem ;-)

One disturbing hit on google (while searching the "SetupProgramRan" DWord)  relates  to spyware (FreeScratchAndWin and, and suggests deleting the "Dword" entry.

http://www.doxdesk.com/parasite/FreeScratchAndWin.html

This page indicates that A Spyware remover finds the entry, allows removal, but it is then reinstated:

http://www.buriedtruth.com/spysoftware/spynews/spyware-newgroup-archive/spyware-newgroup-archive-p-1123.html

And again a .reg file of changes made when an "Application Launcher" seemingly named "timwin.exe", and "Blitzrechnen 1+2" were installed:

http://www.leu.bw.schule.de/allg/son/tim3/tim3reg.txt
http://www.leu.bw.schule.de/allg/son/blitz12/blitzreg.txt

The installation of Adobe Acrobat viewer appears to have changed the value of "SetupProgramRan" from 1 to 2 this person's registry:

http://www.multingles.net/docs/mic_ar4.htm

The only thing I can think is that it relates to the last software installed.

Who knows, but I will just wait this out and see if anyone else has any solid knowledge of this.
0
 

Assisted Solution

by:BeastOfBodmin
BeastOfBodmin earned 150 total points
ID: 12315274
Hi BillDL

HAVE YOU SEEN THIS?

http://www.inet-mates.com/articles/6_rm_freescratchandwin.html

not being that up on this I too was interested to see what the answer is to this question, my quick feeling is that it is checking to see if the program / process indicated by the key it is contained within  has been run or not.

this is purely a guess though ! but in my experience sometimes programmes/ processes can be just there waiting to be called on and then there must be a way of not calling them again and again

I looked for the entry in my system but I do not see it at all HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\  is as far as I get , there is no shutdown
 
0
 
LVL 38

Author Comment

by:BillDL
ID: 12316471
Thanks for your interest, BeastofBodmin.  Yes, after finding this key while browsing (yes, I know it's sad, I have been known to "browse" the registry :-), those were the kind of pages that kept coming up in my google searches.

That's really what made my question a little more than just curiosity.  I wondered why spyware, etc, would be using that key, and why legitimate programs would also be listed there.

The annoying thing about ALL of those pages is that NONE of them actually explain WHY they suggest deleting the key.  Perhaps they found out by accident that it does something beneficial, but they don't know what it does either.

Strange that your system doesn't have this key at all though.  It MUST be one created by only a handful of programs that specifically need to use this entry, and there would be no sense in it persisting if it only had a "one time" use.  My feeling is that it is more significant than mere registry clutter.

I believe that your idea is the best explanation and goes in parallel with what I have been thinking.  A "validation check" of sorts.

Consider this:

You run the installer program for Norton AntiVirus, and during the process it needs to reboot the system to write settings to the registry (or to create an entry in the "RunOnce" key that it must catch on the reboot for it to work).

IF "FastReboot" was ENABLED (ie. set to 1 instead of 0), then this might be detrimental to the installation process.  It therefore lists the named program as an EXCLUSION to the rule set by the "FastReboot" entry.

By changing the value of the "SetupProgramRan" just before the system reboots, it thus recognises that the restart was mid-way through an install and tells it NOT to perform a "Fast Shutdown".

Perhaps it is also a way of storing an instruction that is READ at STARTUP in the event that the system is shut down rather than restarted.  On most occasions, if the system was mid-way through an install and it was shut down, you would tend to think that this would "break the process" and lead to an aborted install.  EXCEPT where, when the computer is powered up the next time, the registry tells the system that there had been an installation in progress, and to finish the process.

This notion is made slightly more credible by the fact that the only NAVEX*.* files on my system are navex??.vxd, .dll, and .sys files that reside in the folder where the virus definitions are stored for use by Norton AntiVirus.  With MY version, virus definitions are INSTALLED by Norton AntiVirus using what they refer to as the "Intelligent Updater", and the computer needs a reboot before that definition is loaded by NAV.

An embellishment to this train of thought is that Norton AntiVirus intercepts a virus as a file is accessed and needs to try and fix or delete the file.  If the file was in use, then this is often impossible unless the file is unloaded from memory.  Assuming that this interception was made while something malicious was trying to INSTALL whatever payload it normally delivers, then this might be important if part of that process caused a forced reboot.  By detecting that this was a "setup" program by means of the change to the "SetupProgramRan" value, then a "Fast Reboot" might not allow NAV to fully unload the file from memory and fix/delete it.  So, by making this an exception, the system is forced to perform a more standard shutdown and restart where all the running processes that cause shutdown problems in Win98SE can be fully offloaded and fixed.

A good theory, or just too much thinking time on my hands???
0
 
LVL 38

Author Comment

by:BillDL
ID: 12316492
But what the hell is DVP then ??  As I said earlier on, no DVP*.* files reside on my computer apart from one.

dvp.h

DirectDrawVideoPort include (header) file used by Borland's C++ 5.5 free command line C and C++ compiler that I haven't used on this computer since it was last formatted, and the file is amongst my backup programs on a partition anyway.
0
 
LVL 9

Expert Comment

by:paraghs
ID: 12479593
BillDL,

Take a look at the following link :
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncenet/html/cetk.asp

DVP stands for Driver Validation Program.
0
 
LVL 38

Author Comment

by:BillDL
ID: 12480573
Thanks for your interest, paraghs.  It's an interesting page, and an equally interesting theory, but I cannot see how it would be related to my setup.

The page centres on a discussion about the "Windows CE .NET Test Kit (CETK)" intended to test embedded devices and drivers based on Windows CE .NET.  The "Driver Validation Program" (DVP) provides developers, Hardware Vendors, etc the opportunity to validate their drivers for use with Windows CE .NET operating systems.

Unfortunately this has no relation to anything I have done with this computer.  The nearest it has ever come to Windows CE was an iPaq PocketPC connected via usb and synchronised with ActiveSync.  No programming or testing involved, unless there is some automated testing of drivers at the client side performed by Windows 98 to allow the interface, but I can't understand a singular mention of DVP in the registry or system files.

Apart from that, the ipaq hasn't been connected, and interface software not installed, since I last formatted.

The DVP Acronym derivation (Driver Verification Program) is something that I will search for and see what I can dig up though.

Thanks for that info.

 
0
 
LVL 38

Author Comment

by:BillDL
ID: 12480599
If this is indeed some type of driver verification routine, perhaps the fact that it is an "excusion" from fast shutdown is something intended to retain drivers in memory during a fast reboot, which otherwise might miss out on being re-initialized at the very first stages of boot.  A wild guess?
0
 
LVL 9

Accepted Solution

by:
paraghs earned 350 total points
ID: 12480740
A google search for "Driver Verification Program" returns 173 results, with most DVPs for Sun Solaris.

But there is one interesting link at <http://www.ftponline.com/wss/2003_04/magazine/features/sreimer/default_pf.aspx>. It has only one reference to Driver Verification Program, and says :

"Windows servers have also been infamous for frequent occurrences of the "Blue Screen of Death"—an error condition that freezes the OS and usually requires a reboot. Microsoft addressed the reasons behind this problem to a great extent in Windows 2000 and worked out further issues in Windows Server 2003. Poorly written drivers account for most server crashes, and Microsoft has continued the Driver Verification program. If you try to install a driver that isn't certified for Windows Server 2003, you'll receive a warning. This helps you avoid endangering your servers' stability unnecessarily."

I think DVP is there where .net is.

Allow me to make another wild guess : Some programmes use DVP module during their setup. It is never required afterwards.

I have seen a large number of programmes leaving this DVP entry in registry. (I use System Mechanic to monitor regisrty).
0
 
LVL 38

Author Comment

by:BillDL
ID: 12481459
I think that the combination of gueses is probably pretty close to the truth here, and probably as close as we'll ever get.

I am going to split points here because of the 2 part nature of the question which has been addressed by both of you.

Thank you for your input.

Bill
0
 
LVL 9

Expert Comment

by:paraghs
ID: 12481529
Thanks Bill.
0

Featured Post

Get HTML5 Certified

Want to be a web developer? You'll need to know HTML. Prepare for HTML5 certification by enrolling in July's Course of the Month! It's free for Premium Members, Team Accounts, and Qualified Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Determining the an SCCM package name from the Package ID
An introduction to the wonderful sport of Scam Baiting.  Learn how to help fight scammers by beating them at their own game. This great pass time helps the world, while providing an endless source of entertainment. Enjoy!
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question