What is ...\Explorer\UserAssist\...  Registry Key?

Posted on 2002-06-20
Last Modified: 2013-12-28
Hi, I found this key in my registry:


It contains approx. 700 fields all similar as the two below:

HRZR_EHACVQY:%pfvqy6%\Ba Yvar Ersrerapr\Serrolgr'f Thvqr gb Serr Bayvar Ersrerapr.hey



Any idea what this is about?  I'm running Win98se.
Question by:czechmate
  • 3
  • 3
  • 2
  • +2
LVL 59

Accepted Solution

LeeTutor earned 100 total points
ID: 7097517
Here are the two most comprehensible web sites mentioning this Registry key that I've found (using the search engine  The second one is from the "cached" pages stored currently at Google.  Neither is all that clear.  On the second one, I did try the link to the German ZDnet page it mentioned, but the page location had changed.

LVL 41

Expert Comment

ID: 7097519
LVL 41

Expert Comment

ID: 7097530
also try spybot
it will check for spyware
LVL 41

Expert Comment

ID: 7097535
LVL 59

Expert Comment

ID: 7097541
Steve, I believe those keys in the Win98 registry are all legitimate ones, not having to do with spyware, etc.  (My seach turned up some of your same sites.)  I have looked in my Win98se registry and I have the same keys.  Take a look at my second link.
Do email signature updates give you a headache?

Constantly trying to correctly format email signatures? Spending all of your time at every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!


Author Comment

ID: 7099597
Thanks guys for all the links.  I have visited some of
them before I've come here (in fact I'm here 'cause ain't
nothing worthwhile on Google:)

I think LeeTutor is right in saying the keys in question
are legitimate.    On the second LeeTutor's link somebody
says it is encrypted history of program activity.  Well it
is posible but it certainly is not an authoritative
statement.  It is the only piece of info that is actually
relevant to my question.  

Thanks for advice on Trojan  removals etc, I have all that
including Adaware.

The Question remains: what is the key "..\userassist\count" about or what purpose does it serve?

Expert Comment

ID: 7099978
It is similar to some Japanese character entries, do you use foreign lanuage character sets?

Author Comment

ID: 7101125
Hi guys, here's some feedback.
No, these are not Japanese characters MrBillisMe, even
though they definitely look like it:))  Thanks to the second link in LeeTutor comment I eventually figured out
at least some of it.

The entries are encrypted with ROT13 algorithm. That ROT13
exists I only found after I cracked it already.  This is
not bragging, it just shows you how simple the algo is.  
You simply add 13 to each character in A..Z range and if
it spills out you continue at the beginning.
Anyway today I was given a link where you can
encode/decode the stuff.

Then I decrypted contents of ..\count key and it is some
kind of history of Favorites menu and aparently other
customized menus.  Here's couple of examples:

Sample 1
Original entry:
HRZR_EHACVQY:%pfvqy6%\Yvaxf\paa\PAAsa - gur svanapvny

Plain text:

Sample 2


I still don't know what the purpose of these keys is.  Are
they used when a menu item is activated?  On the other
hand I have entries there that have been long time removed
from my menus.  So, does anybody have a test rig on which
to try delete the whole thing? :))


Expert Comment

ID: 7103438
Ok I found the actual reg key here .. not sure exactly what it does but here it is.

So my guess based on that is that it is associated with dreamweaver 4 if you use that then there u go.

As for trying to delete it all you need to do if you choose to do this is create a backup of the registry and then delete the files .. if it messes things up then restore the registry and you will be back where you were before.

I hope that having an idea exactly where the registry key is from is of some help :)


Author Comment

ID: 7104774
Griffon thanks for your contribution.  I do not use Dreamweaver, dreamweaver is just one of the apps that are using the key.  As I wrote above it is some kind of repository of links and commands, for what I don't know.  Anyway I think I leave it as it is, the points go to Lee Tutor he put me on the right track.
Thanks guys,

Featured Post

Want to promote your upcoming event?

Are you going to an event? Are you going to be exhibiting at a tradeshow? Talking at a conference? Using a promotional banner in your email signature ensures that your organization’s most important contacts stay in the know and can potentially spread the word about the event.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Join Greg Farro and Ethan Banks from Packet Pushers ( and Greg Ross from Paessler ( for a discussion about smart network …
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now