Regsitry MRU list "encrypted" with ROT13

Discussion in 'MRU Blaster Forum' started by ebg13, Jul 6, 2003.

Thread Status:
Not open for further replies.
  1. ebg13

    ebg13 Registered Member

    Jul 6, 2003
    I have MRU Blaster 1.5 from 6/1/03, and Windows ME.

    While examining my registry, I found some items that weren't deleted by MRU Blaster. Some of the items were "encrypted" with ROT13.

    First the plain ones: (in the registry, boldfaced items would be changed to real values of usernames, titles, URLs, etc.)
    • [HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\Software\RealNetworks\RealPlayer\6.0\Preferences\MostRecentClips1]
      etc. (mine went up to MostRecentClips:cool:

      ("TITLE" is replaced by the item's title,
      "http://..." is replaced by its URL; some of the items in the list are quite ancient)
    • [HKEY_USERS\.USERNAME\Software\Macromedia\Shockwave 8\movies\1]
      [HKEY_USERS\.USERNAME\Software\Macromedia\Shockwave 8\movies\1\url]
    • [HKEY_USERS\.USERNAME\Software\Microsoft\Office\9.0\Common\Internet\FTP Sites\site_0]
      "Site Name"=""
    There were also two huge MRU lists "encrypted" with ROT13. They contained previously run programs, URLs of websites I accessed, etc.
    • [HKEY_USERS\.USERNAME\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF\9}\Count]

      There is a HUGE list of items like this in that key, this one is just a sample; note that if you put the quoted string through ROT13, it becomes

    • [HKEY_USERS\.USERNAME\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE83\7}\Count]
      "HRZR_EHACVQY:%pfvqy6%\\Lnubb! Znvy.hey"=hex:...

      Again, there's a huge list, this one item is just a sample. Putting the item in quotes through ROT13 gives
      "UEME_RUNPIDL:%csidl6%\\Yahoo! Mail.url"

      Google searches for HRZR, UEME, ROT13, etc., came up with with some sites with information about this:

      site 1 (German):

      site 2:
Thread Status:
Not open for further replies.