Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Can somebody please explain this registry value

Posted on 2004-09-24
Medium Priority
Last Modified: 2013-12-29
Here's an exported .reg file from my Win98se system.




I know what the "FastReboot" entry is, but I was wondering if somebody knows precicely how the other values are used by the system.  I don't have any shutdown hangs, so this is a query rather than looking to resolve a problem.

NAVEX seems to relate to my Norton AntiVirus.  I have a bunch of NAVEX32a.VXD, .SYS and .DLL files, and also a lot of NAVEX15. vxd, definition files, sys files, and vxd's, but none named NAVEX.whatever.  I assume it's a generic process name.

I have a sub-key named NAVEX15.EXP in the key:

HKEY_LOCAL_MACHINE\Software\Symantec\Norton Rescue\Basic Rescue\{D3168B01-3A45-11D3-A043-00105ACD6E0E}\{18FE0D44-FDAA-11D8-BC95-853A493F740C}\Items\{D3168938-3A45-11D3-A043-00105ACD6E0E}\  with the {default) StringValue set to "-2", but that is all.

The only file I have named "DVP" is a C source code header file DVP.H, and that's amongst program backups on another drive.  There are no other instances of DVP in my registry.

So, what action do the entries in the key ...\ExclusionList actually have on my system, or are they overridden by the FastReboot=0 value?  Would they have been processes forced to remain open until shutdown?

Also, what is the significance of the DWORD Value named "SetupProgramRan" and why is it set to 2?

I've searched google extensively and, while there are a lot of hits explaining that you can delete the NAVEX value to stop screen hangs at shutdown, none of them have actually explained how it works.  Some Anti Virus and Pest-related sites also tell you to delete "SetProgramRan", but they don't explain why.

I'm full of ideas and guesses, but I need someone who knows for certain about this to explain it or point me to a good url that does.

Question by:BillDL
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 38

Author Comment

ID: 12273675
Because of the lack of response to this question, I have increased the points to 500 in case experts are hesitant to research it for a measly 125 points.  This can easily be increased again if that is the stumbling block.  I would have thought that this was something you either knew or didn't know, which could well be the reason for lack of response  :-)  Surely some of our highly experienced experts must know this one?
LVL 38

Author Comment

ID: 12273676
Whoops, I said 500, didn't I, in which case I think that's the max I can give.
LVL 32

Expert Comment

ID: 12273832
I've been waiting for an answer also. I don't have a clue, but am interested. Looks like you might have stumped us.    : )
Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

LVL 38

Author Comment

ID: 12274083
Oh, don't say that.  Surely nobody on this earth could stump the team at Experts-Exchange  :-)

Maybe Windows programmers might be in a better position to hazard some educated guesses.

Oh, well.  I'll hang in here for a few days and see if anyone is attracted by the "500 point" comment in Community Support.

Expert Comment

ID: 12279556
You've got me, I've deleted the NAVDX key a few times, but have never been able to figure out exactly what everything in there does. Google has provided little.
LVL 38

Author Comment

ID: 12283439
Thanks for checking in here Sootah.  I'm glad I'm not the only one who has rooted around in that key and tested to see what deleting the key actually does.  Nothing, as far as I can determine, but why is it there?  Strange that google didn't come up with an answer at the time, but I see one that I'm sure didn't show before:

It appears that, because I have never experienced shutdown issues, that this registry entry NAVEX has had no significance.

The DVP entry seems to go hand-in-hand with the various hits, like this german page translated in google:

I love the final feedback message:

"rear most turbo, best one thanks, will try it out equal tomorrow, because I do not have this system momentarily locally, nevertheless, best one thanks already times first, here one am unfortunately helped, can only sagen,,, "continue to make really very fast sooo" ""
genuinly super...;))"

In fact, "turbo" refers to the person who posted the previous comment, it wasn't anything to do with a natural wind problem ;-)

One disturbing hit on google (while searching the "SetupProgramRan" DWord)  relates  to spyware (FreeScratchAndWin and, and suggests deleting the "Dword" entry.

This page indicates that A Spyware remover finds the entry, allows removal, but it is then reinstated:

And again a .reg file of changes made when an "Application Launcher" seemingly named "timwin.exe", and "Blitzrechnen 1+2" were installed:

The installation of Adobe Acrobat viewer appears to have changed the value of "SetupProgramRan" from 1 to 2 this person's registry:

The only thing I can think is that it relates to the last software installed.

Who knows, but I will just wait this out and see if anyone else has any solid knowledge of this.

Assisted Solution

BeastOfBodmin earned 600 total points
ID: 12315274
Hi BillDL


not being that up on this I too was interested to see what the answer is to this question, my quick feeling is that it is checking to see if the program / process indicated by the key it is contained within  has been run or not.

this is purely a guess though ! but in my experience sometimes programmes/ processes can be just there waiting to be called on and then there must be a way of not calling them again and again

I looked for the entry in my system but I do not see it at all HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\  is as far as I get , there is no shutdown
LVL 38

Author Comment

ID: 12316471
Thanks for your interest, BeastofBodmin.  Yes, after finding this key while browsing (yes, I know it's sad, I have been known to "browse" the registry :-), those were the kind of pages that kept coming up in my google searches.

That's really what made my question a little more than just curiosity.  I wondered why spyware, etc, would be using that key, and why legitimate programs would also be listed there.

The annoying thing about ALL of those pages is that NONE of them actually explain WHY they suggest deleting the key.  Perhaps they found out by accident that it does something beneficial, but they don't know what it does either.

Strange that your system doesn't have this key at all though.  It MUST be one created by only a handful of programs that specifically need to use this entry, and there would be no sense in it persisting if it only had a "one time" use.  My feeling is that it is more significant than mere registry clutter.

I believe that your idea is the best explanation and goes in parallel with what I have been thinking.  A "validation check" of sorts.

Consider this:

You run the installer program for Norton AntiVirus, and during the process it needs to reboot the system to write settings to the registry (or to create an entry in the "RunOnce" key that it must catch on the reboot for it to work).

IF "FastReboot" was ENABLED (ie. set to 1 instead of 0), then this might be detrimental to the installation process.  It therefore lists the named program as an EXCLUSION to the rule set by the "FastReboot" entry.

By changing the value of the "SetupProgramRan" just before the system reboots, it thus recognises that the restart was mid-way through an install and tells it NOT to perform a "Fast Shutdown".

Perhaps it is also a way of storing an instruction that is READ at STARTUP in the event that the system is shut down rather than restarted.  On most occasions, if the system was mid-way through an install and it was shut down, you would tend to think that this would "break the process" and lead to an aborted install.  EXCEPT where, when the computer is powered up the next time, the registry tells the system that there had been an installation in progress, and to finish the process.

This notion is made slightly more credible by the fact that the only NAVEX*.* files on my system are navex??.vxd, .dll, and .sys files that reside in the folder where the virus definitions are stored for use by Norton AntiVirus.  With MY version, virus definitions are INSTALLED by Norton AntiVirus using what they refer to as the "Intelligent Updater", and the computer needs a reboot before that definition is loaded by NAV.

An embellishment to this train of thought is that Norton AntiVirus intercepts a virus as a file is accessed and needs to try and fix or delete the file.  If the file was in use, then this is often impossible unless the file is unloaded from memory.  Assuming that this interception was made while something malicious was trying to INSTALL whatever payload it normally delivers, then this might be important if part of that process caused a forced reboot.  By detecting that this was a "setup" program by means of the change to the "SetupProgramRan" value, then a "Fast Reboot" might not allow NAV to fully unload the file from memory and fix/delete it.  So, by making this an exception, the system is forced to perform a more standard shutdown and restart where all the running processes that cause shutdown problems in Win98SE can be fully offloaded and fixed.

A good theory, or just too much thinking time on my hands???
LVL 38

Author Comment

ID: 12316492
But what the hell is DVP then ??  As I said earlier on, no DVP*.* files reside on my computer apart from one.


DirectDrawVideoPort include (header) file used by Borland's C++ 5.5 free command line C and C++ compiler that I haven't used on this computer since it was last formatted, and the file is amongst my backup programs on a partition anyway.

Expert Comment

ID: 12479593

Take a look at the following link :

DVP stands for Driver Validation Program.
LVL 38

Author Comment

ID: 12480573
Thanks for your interest, paraghs.  It's an interesting page, and an equally interesting theory, but I cannot see how it would be related to my setup.

The page centres on a discussion about the "Windows CE .NET Test Kit (CETK)" intended to test embedded devices and drivers based on Windows CE .NET.  The "Driver Validation Program" (DVP) provides developers, Hardware Vendors, etc the opportunity to validate their drivers for use with Windows CE .NET operating systems.

Unfortunately this has no relation to anything I have done with this computer.  The nearest it has ever come to Windows CE was an iPaq PocketPC connected via usb and synchronised with ActiveSync.  No programming or testing involved, unless there is some automated testing of drivers at the client side performed by Windows 98 to allow the interface, but I can't understand a singular mention of DVP in the registry or system files.

Apart from that, the ipaq hasn't been connected, and interface software not installed, since I last formatted.

The DVP Acronym derivation (Driver Verification Program) is something that I will search for and see what I can dig up though.

Thanks for that info.

LVL 38

Author Comment

ID: 12480599
If this is indeed some type of driver verification routine, perhaps the fact that it is an "excusion" from fast shutdown is something intended to retain drivers in memory during a fast reboot, which otherwise might miss out on being re-initialized at the very first stages of boot.  A wild guess?

Accepted Solution

paraghs earned 1400 total points
ID: 12480740
A google search for "Driver Verification Program" returns 173 results, with most DVPs for Sun Solaris.

But there is one interesting link at <>. It has only one reference to Driver Verification Program, and says :

"Windows servers have also been infamous for frequent occurrences of the "Blue Screen of Death"—an error condition that freezes the OS and usually requires a reboot. Microsoft addressed the reasons behind this problem to a great extent in Windows 2000 and worked out further issues in Windows Server 2003. Poorly written drivers account for most server crashes, and Microsoft has continued the Driver Verification program. If you try to install a driver that isn't certified for Windows Server 2003, you'll receive a warning. This helps you avoid endangering your servers' stability unnecessarily."

I think DVP is there where .net is.

Allow me to make another wild guess : Some programmes use DVP module during their setup. It is never required afterwards.

I have seen a large number of programmes leaving this DVP entry in registry. (I use System Mechanic to monitor regisrty).
LVL 38

Author Comment

ID: 12481459
I think that the combination of gueses is probably pretty close to the truth here, and probably as close as we'll ever get.

I am going to split points here because of the 2 part nature of the question which has been addressed by both of you.

Thank you for your input.


Expert Comment

ID: 12481529
Thanks Bill.

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A small collection of useful tips and tricks for Windows 10 users that I decided to write as a result of recent questions that were asked and answered at Experts Exchange. Two short video tutorials included. Enjoy..
In this post we will be converting StringData saved within a text file into a hash table. This can be further used in a PowerShell script for replacing settings that are dynamic in nature from environment to environment.
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

671 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question