What is ...\Explorer\UserAssist\...  Registry Key?

Posted on 2002-06-20
Last Modified: 2013-12-28
Hi, I found this key in my registry:


It contains approx. 700 fields all similar as the two below:

HRZR_EHACVQY:%pfvqy6%\Ba Yvar Ersrerapr\Serrolgr'f Thvqr gb Serr Bayvar Ersrerapr.hey



Any idea what this is about?  I'm running Win98se.
Question by:czechmate
  • 3
  • 3
  • 2
  • +2
LVL 59

Accepted Solution

LeeTutor earned 100 total points
ID: 7097517
Here are the two most comprehensible web sites mentioning this Registry key that I've found (using the search engine  The second one is from the "cached" pages stored currently at Google.  Neither is all that clear.  On the second one, I did try the link to the German ZDnet page it mentioned, but the page location had changed.

LVL 41

Expert Comment

ID: 7097519
LVL 41

Expert Comment

ID: 7097530
also try spybot
it will check for spyware
LVL 41

Expert Comment

ID: 7097535
LVL 59

Expert Comment

ID: 7097541
Steve, I believe those keys in the Win98 registry are all legitimate ones, not having to do with spyware, etc.  (My seach turned up some of your same sites.)  I have looked in my Win98se registry and I have the same keys.  Take a look at my second link.
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails


Author Comment

ID: 7099597
Thanks guys for all the links.  I have visited some of
them before I've come here (in fact I'm here 'cause ain't
nothing worthwhile on Google:)

I think LeeTutor is right in saying the keys in question
are legitimate.    On the second LeeTutor's link somebody
says it is encrypted history of program activity.  Well it
is posible but it certainly is not an authoritative
statement.  It is the only piece of info that is actually
relevant to my question.  

Thanks for advice on Trojan  removals etc, I have all that
including Adaware.

The Question remains: what is the key "..\userassist\count" about or what purpose does it serve?

Expert Comment

ID: 7099978
It is similar to some Japanese character entries, do you use foreign lanuage character sets?

Author Comment

ID: 7101125
Hi guys, here's some feedback.
No, these are not Japanese characters MrBillisMe, even
though they definitely look like it:))  Thanks to the second link in LeeTutor comment I eventually figured out
at least some of it.

The entries are encrypted with ROT13 algorithm. That ROT13
exists I only found after I cracked it already.  This is
not bragging, it just shows you how simple the algo is.  
You simply add 13 to each character in A..Z range and if
it spills out you continue at the beginning.
Anyway today I was given a link where you can
encode/decode the stuff.

Then I decrypted contents of ..\count key and it is some
kind of history of Favorites menu and aparently other
customized menus.  Here's couple of examples:

Sample 1
Original entry:
HRZR_EHACVQY:%pfvqy6%\Yvaxf\paa\PAAsa - gur svanapvny

Plain text:

Sample 2


I still don't know what the purpose of these keys is.  Are
they used when a menu item is activated?  On the other
hand I have entries there that have been long time removed
from my menus.  So, does anybody have a test rig on which
to try delete the whole thing? :))


Expert Comment

ID: 7103438
Ok I found the actual reg key here .. not sure exactly what it does but here it is.

So my guess based on that is that it is associated with dreamweaver 4 if you use that then there u go.

As for trying to delete it all you need to do if you choose to do this is create a backup of the registry and then delete the files .. if it messes things up then restore the registry and you will be back where you were before.

I hope that having an idea exactly where the registry key is from is of some help :)


Author Comment

ID: 7104774
Griffon thanks for your contribution.  I do not use Dreamweaver, dreamweaver is just one of the apps that are using the key.  As I wrote above it is some kind of repository of links and commands, for what I don't know.  Anyway I think I leave it as it is, the points go to Lee Tutor he put me on the right track.
Thanks guys,

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup". After a while, you have entered a loop for Auto repair which does not fix anything and you will be in a  panic as all your work w…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now