Can somebody please explain this registry value

Here's an exported .reg file from my Win98se system.




I know what the "FastReboot" entry is, but I was wondering if somebody knows precicely how the other values are used by the system.  I don't have any shutdown hangs, so this is a query rather than looking to resolve a problem.

NAVEX seems to relate to my Norton AntiVirus.  I have a bunch of NAVEX32a.VXD, .SYS and .DLL files, and also a lot of NAVEX15. vxd, definition files, sys files, and vxd's, but none named NAVEX.whatever.  I assume it's a generic process name.

I have a sub-key named NAVEX15.EXP in the key:

HKEY_LOCAL_MACHINE\Software\Symantec\Norton Rescue\Basic Rescue\{D3168B01-3A45-11D3-A043-00105ACD6E0E}\{18FE0D44-FDAA-11D8-BC95-853A493F740C}\Items\{D3168938-3A45-11D3-A043-00105ACD6E0E}\  with the {default) StringValue set to "-2", but that is all.

The only file I have named "DVP" is a C source code header file DVP.H, and that's amongst program backups on another drive.  There are no other instances of DVP in my registry.

So, what action do the entries in the key ...\ExclusionList actually have on my system, or are they overridden by the FastReboot=0 value?  Would they have been processes forced to remain open until shutdown?

Also, what is the significance of the DWORD Value named "SetupProgramRan" and why is it set to 2?

I've searched google extensively and, while there are a lot of hits explaining that you can delete the NAVEX value to stop screen hangs at shutdown, none of them have actually explained how it works.  Some Anti Virus and Pest-related sites also tell you to delete "SetProgramRan", but they don't explain why.

I'm full of ideas and guesses, but I need someone who knows for certain about this to explain it or point me to a good url that does.

LVL 39
Who is Participating?
paraghsConnect With a Mentor Dy General ManagerCommented:
A google search for "Driver Verification Program" returns 173 results, with most DVPs for Sun Solaris.

But there is one interesting link at <>. It has only one reference to Driver Verification Program, and says :

"Windows servers have also been infamous for frequent occurrences of the "Blue Screen of Death"—an error condition that freezes the OS and usually requires a reboot. Microsoft addressed the reasons behind this problem to a great extent in Windows 2000 and worked out further issues in Windows Server 2003. Poorly written drivers account for most server crashes, and Microsoft has continued the Driver Verification program. If you try to install a driver that isn't certified for Windows Server 2003, you'll receive a warning. This helps you avoid endangering your servers' stability unnecessarily."

I think DVP is there where .net is.

Allow me to make another wild guess : Some programmes use DVP module during their setup. It is never required afterwards.

I have seen a large number of programmes leaving this DVP entry in registry. (I use System Mechanic to monitor regisrty).
BillDLAuthor Commented:
Because of the lack of response to this question, I have increased the points to 500 in case experts are hesitant to research it for a measly 125 points.  This can easily be increased again if that is the stumbling block.  I would have thought that this was something you either knew or didn't know, which could well be the reason for lack of response  :-)  Surely some of our highly experienced experts must know this one?
BillDLAuthor Commented:
Whoops, I said 500, didn't I, in which case I think that's the max I can give.
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

I've been waiting for an answer also. I don't have a clue, but am interested. Looks like you might have stumped us.    : )
BillDLAuthor Commented:
Oh, don't say that.  Surely nobody on this earth could stump the team at Experts-Exchange  :-)

Maybe Windows programmers might be in a better position to hazard some educated guesses.

Oh, well.  I'll hang in here for a few days and see if anyone is attracted by the "500 point" comment in Community Support.
You've got me, I've deleted the NAVDX key a few times, but have never been able to figure out exactly what everything in there does. Google has provided little.
BillDLAuthor Commented:
Thanks for checking in here Sootah.  I'm glad I'm not the only one who has rooted around in that key and tested to see what deleting the key actually does.  Nothing, as far as I can determine, but why is it there?  Strange that google didn't come up with an answer at the time, but I see one that I'm sure didn't show before:

It appears that, because I have never experienced shutdown issues, that this registry entry NAVEX has had no significance.

The DVP entry seems to go hand-in-hand with the various hits, like this german page translated in google:

I love the final feedback message:

"rear most turbo, best one thanks, will try it out equal tomorrow, because I do not have this system momentarily locally, nevertheless, best one thanks already times first, here one am unfortunately helped, can only sagen,,, "continue to make really very fast sooo" ""
genuinly super...;))"

In fact, "turbo" refers to the person who posted the previous comment, it wasn't anything to do with a natural wind problem ;-)

One disturbing hit on google (while searching the "SetupProgramRan" DWord)  relates  to spyware (FreeScratchAndWin and, and suggests deleting the "Dword" entry.

This page indicates that A Spyware remover finds the entry, allows removal, but it is then reinstated:

And again a .reg file of changes made when an "Application Launcher" seemingly named "timwin.exe", and "Blitzrechnen 1+2" were installed:

The installation of Adobe Acrobat viewer appears to have changed the value of "SetupProgramRan" from 1 to 2 this person's registry:

The only thing I can think is that it relates to the last software installed.

Who knows, but I will just wait this out and see if anyone else has any solid knowledge of this.
BeastOfBodminConnect With a Mentor Commented:
Hi BillDL


not being that up on this I too was interested to see what the answer is to this question, my quick feeling is that it is checking to see if the program / process indicated by the key it is contained within  has been run or not.

this is purely a guess though ! but in my experience sometimes programmes/ processes can be just there waiting to be called on and then there must be a way of not calling them again and again

I looked for the entry in my system but I do not see it at all HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\  is as far as I get , there is no shutdown
BillDLAuthor Commented:
Thanks for your interest, BeastofBodmin.  Yes, after finding this key while browsing (yes, I know it's sad, I have been known to "browse" the registry :-), those were the kind of pages that kept coming up in my google searches.

That's really what made my question a little more than just curiosity.  I wondered why spyware, etc, would be using that key, and why legitimate programs would also be listed there.

The annoying thing about ALL of those pages is that NONE of them actually explain WHY they suggest deleting the key.  Perhaps they found out by accident that it does something beneficial, but they don't know what it does either.

Strange that your system doesn't have this key at all though.  It MUST be one created by only a handful of programs that specifically need to use this entry, and there would be no sense in it persisting if it only had a "one time" use.  My feeling is that it is more significant than mere registry clutter.

I believe that your idea is the best explanation and goes in parallel with what I have been thinking.  A "validation check" of sorts.

Consider this:

You run the installer program for Norton AntiVirus, and during the process it needs to reboot the system to write settings to the registry (or to create an entry in the "RunOnce" key that it must catch on the reboot for it to work).

IF "FastReboot" was ENABLED (ie. set to 1 instead of 0), then this might be detrimental to the installation process.  It therefore lists the named program as an EXCLUSION to the rule set by the "FastReboot" entry.

By changing the value of the "SetupProgramRan" just before the system reboots, it thus recognises that the restart was mid-way through an install and tells it NOT to perform a "Fast Shutdown".

Perhaps it is also a way of storing an instruction that is READ at STARTUP in the event that the system is shut down rather than restarted.  On most occasions, if the system was mid-way through an install and it was shut down, you would tend to think that this would "break the process" and lead to an aborted install.  EXCEPT where, when the computer is powered up the next time, the registry tells the system that there had been an installation in progress, and to finish the process.

This notion is made slightly more credible by the fact that the only NAVEX*.* files on my system are navex??.vxd, .dll, and .sys files that reside in the folder where the virus definitions are stored for use by Norton AntiVirus.  With MY version, virus definitions are INSTALLED by Norton AntiVirus using what they refer to as the "Intelligent Updater", and the computer needs a reboot before that definition is loaded by NAV.

An embellishment to this train of thought is that Norton AntiVirus intercepts a virus as a file is accessed and needs to try and fix or delete the file.  If the file was in use, then this is often impossible unless the file is unloaded from memory.  Assuming that this interception was made while something malicious was trying to INSTALL whatever payload it normally delivers, then this might be important if part of that process caused a forced reboot.  By detecting that this was a "setup" program by means of the change to the "SetupProgramRan" value, then a "Fast Reboot" might not allow NAV to fully unload the file from memory and fix/delete it.  So, by making this an exception, the system is forced to perform a more standard shutdown and restart where all the running processes that cause shutdown problems in Win98SE can be fully offloaded and fixed.

A good theory, or just too much thinking time on my hands???
BillDLAuthor Commented:
But what the hell is DVP then ??  As I said earlier on, no DVP*.* files reside on my computer apart from one.


DirectDrawVideoPort include (header) file used by Borland's C++ 5.5 free command line C and C++ compiler that I haven't used on this computer since it was last formatted, and the file is amongst my backup programs on a partition anyway.
paraghsDy General ManagerCommented:

Take a look at the following link :

DVP stands for Driver Validation Program.
BillDLAuthor Commented:
Thanks for your interest, paraghs.  It's an interesting page, and an equally interesting theory, but I cannot see how it would be related to my setup.

The page centres on a discussion about the "Windows CE .NET Test Kit (CETK)" intended to test embedded devices and drivers based on Windows CE .NET.  The "Driver Validation Program" (DVP) provides developers, Hardware Vendors, etc the opportunity to validate their drivers for use with Windows CE .NET operating systems.

Unfortunately this has no relation to anything I have done with this computer.  The nearest it has ever come to Windows CE was an iPaq PocketPC connected via usb and synchronised with ActiveSync.  No programming or testing involved, unless there is some automated testing of drivers at the client side performed by Windows 98 to allow the interface, but I can't understand a singular mention of DVP in the registry or system files.

Apart from that, the ipaq hasn't been connected, and interface software not installed, since I last formatted.

The DVP Acronym derivation (Driver Verification Program) is something that I will search for and see what I can dig up though.

Thanks for that info.

BillDLAuthor Commented:
If this is indeed some type of driver verification routine, perhaps the fact that it is an "excusion" from fast shutdown is something intended to retain drivers in memory during a fast reboot, which otherwise might miss out on being re-initialized at the very first stages of boot.  A wild guess?
BillDLAuthor Commented:
I think that the combination of gueses is probably pretty close to the truth here, and probably as close as we'll ever get.

I am going to split points here because of the 2 part nature of the question which has been addressed by both of you.

Thank you for your input.

paraghsDy General ManagerCommented:
Thanks Bill.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.