What is ...\Explorer\UserAssist\...  Registry Key?

Posted on 2002-06-20
Last Modified: 2013-12-28
Hi, I found this key in my registry:


It contains approx. 700 fields all similar as the two below:

HRZR_EHACVQY:%pfvqy6%\Ba Yvar Ersrerapr\Serrolgr'f Thvqr gb Serr Bayvar Ersrerapr.hey



Any idea what this is about?  I'm running Win98se.
Question by:czechmate
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +2
LVL 59

Accepted Solution

LeeTutor earned 100 total points
ID: 7097517
Here are the two most comprehensible web sites mentioning this Registry key that I've found (using the search engine  The second one is from the "cached" pages stored currently at Google.  Neither is all that clear.  On the second one, I did try the link to the German ZDnet page it mentioned, but the page location had changed.

LVL 41

Expert Comment

ID: 7097530
also try spybot
it will check for spyware
Transaction Monitoring Vs. Real User Monitoring

Synthetic Transaction Monitoring Vs. Real User Monitoring: When To Use Each Approach? In this article, we will discuss two major monitoring approaches: Synthetic Transaction and Real User Monitoring.

LVL 41

Expert Comment

ID: 7097535
LVL 59

Expert Comment

ID: 7097541
Steve, I believe those keys in the Win98 registry are all legitimate ones, not having to do with spyware, etc.  (My seach turned up some of your same sites.)  I have looked in my Win98se registry and I have the same keys.  Take a look at my second link.

Author Comment

ID: 7099597
Thanks guys for all the links.  I have visited some of
them before I've come here (in fact I'm here 'cause ain't
nothing worthwhile on Google:)

I think LeeTutor is right in saying the keys in question
are legitimate.    On the second LeeTutor's link somebody
says it is encrypted history of program activity.  Well it
is posible but it certainly is not an authoritative
statement.  It is the only piece of info that is actually
relevant to my question.  

Thanks for advice on Trojan  removals etc, I have all that
including Adaware.

The Question remains: what is the key "..\userassist\count" about or what purpose does it serve?

Expert Comment

ID: 7099978
It is similar to some Japanese character entries, do you use foreign lanuage character sets?

Author Comment

ID: 7101125
Hi guys, here's some feedback.
No, these are not Japanese characters MrBillisMe, even
though they definitely look like it:))  Thanks to the second link in LeeTutor comment I eventually figured out
at least some of it.

The entries are encrypted with ROT13 algorithm. That ROT13
exists I only found after I cracked it already.  This is
not bragging, it just shows you how simple the algo is.  
You simply add 13 to each character in A..Z range and if
it spills out you continue at the beginning.
Anyway today I was given a link where you can
encode/decode the stuff.

Then I decrypted contents of ..\count key and it is some
kind of history of Favorites menu and aparently other
customized menus.  Here's couple of examples:

Sample 1
Original entry:
HRZR_EHACVQY:%pfvqy6%\Yvaxf\paa\PAAsa - gur svanapvny

Plain text:

Sample 2


I still don't know what the purpose of these keys is.  Are
they used when a menu item is activated?  On the other
hand I have entries there that have been long time removed
from my menus.  So, does anybody have a test rig on which
to try delete the whole thing? :))


Expert Comment

ID: 7103438
Ok I found the actual reg key here .. not sure exactly what it does but here it is.

So my guess based on that is that it is associated with dreamweaver 4 if you use that then there u go.

As for trying to delete it all you need to do if you choose to do this is create a backup of the registry and then delete the files .. if it messes things up then restore the registry and you will be back where you were before.

I hope that having an idea exactly where the registry key is from is of some help :)


Author Comment

ID: 7104774
Griffon thanks for your contribution.  I do not use Dreamweaver, dreamweaver is just one of the apps that are using the key.  As I wrote above it is some kind of repository of links and commands, for what I don't know.  Anyway I think I leave it as it is, the points go to Lee Tutor he put me on the right track.
Thanks guys,

Featured Post

Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Determining the an SCCM package name from the Package ID
This article shows how to use a free utility called 'Parkdale' to easily test the performance and benchmark any Hard Drive(s) installed in your computer. We also look at RAM Disks and their speed comparisons.
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question