Solved

What is ...\Explorer\UserAssist\...  Registry Key?

Posted on 2002-06-20
10
2,573 Views
Last Modified: 2013-12-28
Hi, I found this key in my registry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

It contains approx. 700 fields all similar as the two below:

HRZR_EHACVQY:%pfvqy6%\Ba Yvar Ersrerapr\Serrolgr'f Thvqr gb Serr Bayvar Ersrerapr.hey

or

HRZR_EHAJZPZQ:0k2,2006

Any idea what this is about?  I'm running Win98se.
cj
0
Comment
Question by:czechmate
  • 3
  • 3
  • 2
  • +2
10 Comments
 
LVL 59

Accepted Solution

by:
LeeTutor earned 100 total points
ID: 7097517
Here are the two most comprehensible web sites mentioning this Registry key that I've found (using the search engine Google.com).  The second one is from the "cached" pages stored currently at Google.  Neither is all that clear.  On the second one, I did try the link to the German ZDnet page it mentioned, but the page location had changed.

http://www.swynk.com/trent/Articles/NoControlPanel.asp

http://216.239.35.100/search?q=cache:T92chgbLPrEC:the-it-mercenary.com/forums/Windows98/posts/1015.html+Explorer%5CUserAssist&hl=en&ie=UTF8

0
 
LVL 41

Expert Comment

by:stevenlewis
ID: 7097519
0
 
LVL 41

Expert Comment

by:stevenlewis
ID: 7097530
also try spybot
http://www.net-integration.net/spybot/spybotsd.html
it will check for spyware
0
 
LVL 41

Expert Comment

by:stevenlewis
ID: 7097535
0
 
LVL 59

Expert Comment

by:LeeTutor
ID: 7097541
Steve, I believe those keys in the Win98 registry are all legitimate ones, not having to do with spyware, etc.  (My seach turned up some of your same sites.)  I have looked in my Win98se registry and I have the same keys.  Take a look at my second link.
0
Do email signature updates give you a headache?

Constantly trying to correctly format email signatures? Spending all of your time at every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

 
LVL 1

Author Comment

by:czechmate
ID: 7099597
Thanks guys for all the links.  I have visited some of
them before I've come here (in fact I'm here 'cause ain't
nothing worthwhile on Google:)

I think LeeTutor is right in saying the keys in question
are legitimate.    On the second LeeTutor's link somebody
says it is encrypted history of program activity.  Well it
is posible but it certainly is not an authoritative
statement.  It is the only piece of info that is actually
relevant to my question.  

Thanks for advice on Trojan  removals etc, I have all that
including Adaware.

The Question remains: what is the key "..\userassist\count" about or what purpose does it serve?
0
 
LVL 9

Expert Comment

by:MrBillisMe
ID: 7099978
It is similar to some Japanese character entries, do you use foreign lanuage character sets?
0
 
LVL 1

Author Comment

by:czechmate
ID: 7101125
Hi guys, here's some feedback.
No, these are not Japanese characters MrBillisMe, even
though they definitely look like it:))  Thanks to the second link in LeeTutor comment I eventually figured out
at least some of it.

The entries are encrypted with ROT13 algorithm. That ROT13
exists I only found after I cracked it already.  This is
not bragging, it just shows you how simple the algo is.  
You simply add 13 to each character in A..Z range and if
it spills out you continue at the beginning.
Anyway today I was given a link where you can
encode/decode the stuff.

http://members.tripod.com/~BraunzGuy/rot13.htm


Then I decrypted contents of ..\count key and it is some
kind of history of Favorites menu and aparently other
customized menus.  Here's couple of examples:

Sample 1
Original entry:
HRZR_EHACVQY:%pfvqy6%\Yvaxf\paa\PAAsa - gur svanapvny
argjbex.hey

Plain text:
UEME_RUNPIDL:%CSIDL6%\LINKS\CNN\CNNFN - THE FINANCIAL
NETWORK.URL

Sample 2
HRZR_EHAJZPZQ:0k2,7041

UEME_RUNWMCMD:0X2,7041

I still don't know what the purpose of these keys is.  Are
they used when a menu item is activated?  On the other
hand I have entries there that have been long time removed
from my menus.  So, does anybody have a test rig on which
to try delete the whole thing? :))

cj
0
 
LVL 2

Expert Comment

by:Griffon
ID: 7103438
Ok I found the actual reg key here .. not sure exactly what it does but here it is.

http://www.leu.bw.schule.de/allg/son/dreamw4/dreamw4.reg.txt

So my guess based on that is that it is associated with dreamweaver 4 if you use that then there u go.

As for trying to delete it all you need to do if you choose to do this is create a backup of the registry and then delete the files .. if it messes things up then restore the registry and you will be back where you were before.

I hope that having an idea exactly where the registry key is from is of some help :)


0
 
LVL 1

Author Comment

by:czechmate
ID: 7104774
Griffon thanks for your contribution.  I do not use Dreamweaver, dreamweaver is just one of the apps that are using the key.  As I wrote above it is some kind of repository of links and commands, for what I don't know.  Anyway I think I leave it as it is, the points go to Lee Tutor he put me on the right track.
Thanks guys,
cj
0

Featured Post

Want to promote your upcoming event?

Are you going to an event? Are you going to be exhibiting at a tradeshow? Talking at a conference? Using a promotional banner in your email signature ensures that your organization’s most important contacts stay in the know and can potentially spread the word about the event.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now