What is the User Assist key
Hello every one. I am new to this community. I am Windows Vista user. In my profession, i heard this word many times "User Assist key". I know that it is somewhere registry related, but not any thing else.Could you guys make me know what is it actually ? I really need to know.
Re: What is the User Assist key
UserAssist key contains information about the exe files and links that you open frequently.This key gives you information about all the applications, webpages, searches, and some more info that where executed in your machine. It's like a history but it doesn't blank.the Start menu has a “UserAssist” area that
holds shortcuts to applications most frequently used. This area is
automatically populated from the UserAssist Key.The UserAssist registry key resides in the NTUSER.DAT file on disk at:
Quote:
Software\Microsoft\Windows \CurrentVersion\Explorer\UserAssist
or, in the live registry, at:
Quote:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist
Re: What is the User Assist key
This UserAssistView application will decrypt and display the list of all UserAssist entries stored under in the registry at
Quote:
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerUserAssist
In conclusion, the UserAssist key can provide significant information
regarding suspect activity such as which programs are consistently used,
evidence of uninstalled programs, evidence of a file’s existence, and so
on. As with most registry contents, this is uncharted territory.The UserAssist key seems to have two subkeys which are registered CLSIDs.
Quote:
{5E6AB780-7743-11CF-A12B-00AA004AE837}
{75048700-EF1F-11D0-9888-006097DEACF9}
Re: What is the User Assist key
The UserAssist key contains information about the exe files and links that you open frequently. you can save the list of UserAssist entries into text/html/xml/csv file, as well as you can delete unwanted items.When you decode the value names from beneath the UserAssist\{GUID}\Count keys, you see that the value names begin with "UEME_" and include names like "RUNPIDL" and "RUNCPL", to name just a few. Since research into these Registry entries began, no one has really known or explored what these refer to...until now.