xkajxkajx 3 Posted December 17, 2018 Share Posted December 17, 2018 After updating , I am seeing " 1-Open folder location , 2- Include in library and 3- Pin to start" in my context menu . Tried to remove them in the registry, but they keep coming back everytime I reboot or log off ?!. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers What's going on ? Please help . I am using Windows 10 Enterprise ESET NOD32 ANTIVIRUS 12 THANKS. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,238 Posted December 17, 2018 Administrators Share Posted December 17, 2018 I assume that temporarily uninstalling ESET would not make any difference. Please try it in order to rule out ESET being the culprit. Link to comment Share on other sites More sharing options...
xkajxkajx 3 Posted December 17, 2018 Author Share Posted December 17, 2018 (edited) Sir, I am not guessing here or accusing ESET. I'm sure about it because every time I uninstall ESET ,everything is ok . P.S. I uninstalled and installed ESET " In Safe Mode " (four times) This is how and why I have discovered the issue . Could please try to remove "Include in library" from your own right click and reboot and then see what happens ? THANKS Edited December 17, 2018 by xkajxkajx Link to comment Share on other sites More sharing options...
Super_Spartan 56 Posted December 17, 2018 Share Posted December 17, 2018 You can use Winaero Tweaker to edit the context menu items. Open folder location is a part of Windows and cannot be removed. Link to comment Share on other sites More sharing options...
xkajxkajx 3 Posted December 18, 2018 Author Share Posted December 18, 2018 Hi, I have aready used " WinaeroTweaker" and other registry tricks and tools before your kind suggestion but in vain. Why don't you use " WinaeroTweaker" in yours and see what happens after restarting ? I'm not asking how to remove the entries but how to keep them removed permanently. I think you are wrong about " Open folder location is a part of Windows and cannot be removed " ! ? .Yes you can. Just google it . Please ! These entries are removed in my context menu for months without any issue. "AFTER UPDATING ESET, THEY ARE STUCK IN THERE" THANKS FOR YOUR REPLY. Link to comment Share on other sites More sharing options...
xkajxkajx 3 Posted December 20, 2018 Author Share Posted December 20, 2018 Hi, Is anybody there ? I'm waiting for someone to respond . I feel I'm the only one who has this problem !?. THANKS Link to comment Share on other sites More sharing options...
itman 1,743 Posted December 20, 2018 Share Posted December 20, 2018 On 12/16/2018 at 9:06 PM, xkajxkajx said: Tried to remove them in the registry, but they keep coming back everytime I reboot or log off ?!. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers According to this article: https://www.techspot.com/guides/1670-windows-right-click-menu/ , you're not deleting the entries from the correct registry keys: Quote Navigate to Computer\HKEY_CLASSES_ROOT\*\shell and Computer\HKEY_CLASSES_ROOT\*\shellex to find many application context menu entries and delete the ones you no longer want. Link to comment Share on other sites More sharing options...
xkajxkajx 3 Posted December 21, 2018 Author Share Posted December 21, 2018 With all due respect ,the entries I'm talking about are NOT in : 1. HKEY_CLASSES_ROOT\*\shell or 2. HKEY_CLASSES_ROOT\*\shellex They are located in 1.HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers 2.HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\Library Location Read this one carefully "https://www.howtogeek.com/howto/windows-vista/how-to-clean-up-your-messy-windows-context-menu/ Again, we are not talking about the location of the registry entries. We are talking about " Why do they insist coming back? " I did uninstall ESET and wait (2 hours booting and rebooting ) to make sure if these entries are coming back or not .Guess what ? they don't. COULD PLEASE TELL ME WHY ? I think ESET is restricting MY USER ACCOUNT to delete or modify some registry entries . PROVE ME WRONG . THNX Link to comment Share on other sites More sharing options...
Super_Spartan 56 Posted December 21, 2018 Share Posted December 21, 2018 10 hours ago, xkajxkajx said: With all due respect ,the entries I'm talking about are NOT in : 1. HKEY_CLASSES_ROOT\*\shell or 2. HKEY_CLASSES_ROOT\*\shellex They are located in 1.HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers 2.HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\Library Location Read this one carefully "https://www.howtogeek.com/howto/windows-vista/how-to-clean-up-your-messy-windows-context-menu/ Again, we are not talking about the location of the registry entries. We are talking about " Why do they insist coming back? " I did uninstall ESET and wait (2 hours booting and rebooting ) to make sure if these entries are coming back or not .Guess what ? they don't. COULD PLEASE TELL ME WHY ? I think ESET is restricting MY USER ACCOUNT to delete or modify some registry entries . PROVE ME WRONG . THNX Sorry I might have misunderstood you. How can I see this Open Folder Location context menu? I tried right clicking on a folder but can only see "Open in New Window"" also, when doing changes to the registry, you need to disable NOD32 first as it prevents tampering with the registry. Disable NOD32, do the changes that you want then reboot immediately, Link to comment Share on other sites More sharing options...
itman 1,743 Posted December 21, 2018 Share Posted December 21, 2018 13 hours ago, xkajxkajx said: I think ESET is restricting MY USER ACCOUNT to delete or modify some registry entries . PROVE ME WRONG . If this was the case, you should have been receiving HIPS alerts about modification of registry keys. Did you check your Eset HIPS log for entries related to your registry modification activities? If none of the prior apply, Eset is not preventing any of the registry key modifications you are performing. Link to comment Share on other sites More sharing options...
xkajxkajx 3 Posted December 22, 2018 Author Share Posted December 22, 2018 Hi, Ultra Mate *I don't know why you can not see "Open Folder Location" in your right click menu ? Maybe you deleted it *I think "Open Folder Location , Pin to Start , Include in library and other context menu entries" come with Windows 10 by default. * I did your trick " disable ESET and remove the entries and reboot immediately " but the same thing happens. * If you have "Inculde in libray and Pin to Start ' in yours ,could you or ANYBODY please remove them and tell me what happens ? Warning ! You should export them as a backup before doing that . Just in case . HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\Library Location HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\PintoStartScreen Just wait almost 2 minutes after rebooting and check them up. _______________________ Hi, itman I have checked HIPS logs and found zero alert. If ESET is not responsibe ,then who? How could you explain why the "removed registry entries" won't come back again when ESET is not running in my notebook ? Something fishy !? Please let's focus on this particular issue. THANX Link to comment Share on other sites More sharing options...
itman 1,743 Posted December 22, 2018 Share Posted December 22, 2018 Try using Autoruns to disable the Context Menu items. Screen shot given below. The advantage of Autoruns is it first, will modify the associated registry keys by simply unchecking the shown associated item. Next, the registry keys are only modified and not permanently deleted. Simply recheck marking the item reactivates the associated registry key. Note: when opening Autoruns for the first time, click on the Option tab and remove the checkmarks for "Hide Microsoft and Windows entries." This will ensure all Windows settings are shown. Also you will have to run Autoruns as admin to perform most registry modification activities. Link to comment Share on other sites More sharing options...
xkajxkajx 3 Posted December 23, 2018 Author Share Posted December 23, 2018 Hi itman, I did as you said and here is the sreenshots I have taken: FIRST SHOT SECOND SHOT Here is a screenshot of my context menu: Autoruns is not telling me who recreates these entries ,isn't it ? Sir, I'm getting crazy about it .Need your help. THANX Link to comment Share on other sites More sharing options...
itman 1,743 Posted December 23, 2018 Share Posted December 23, 2018 (edited) 12 hours ago, xkajxkajx said: Sir, I'm getting crazy about it .Need your help. Did you reboot immediately after making the Autoruns changes? Also you posted that you are using Win 10 Enterprise. You sure you don't have any Group Policy rule set in regards to context menu changes? It sure appears to me that Windows is re-adding those menu items regardless of any deletion of same on your part. It also seems reasonable to me that Win 10 will not allow for Pin to Start menu to be disabled for example, since Win Store apps will auto add any new app to it. Edited December 23, 2018 by itman Link to comment Share on other sites More sharing options...
xkajxkajx 3 Posted December 24, 2018 Author Share Posted December 24, 2018 Hi, Yes, I rebooted immediately after making the Autoruns changes . Windows Store application is disabled: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore] "AutoDownload"=dword:00000002 "RemoveWindowsStore"=dword:00000001 I don't know if I have any Group Policy rule set in regards to context menu changes or not . how to tell ? I general, I rarely mess with Group Policy rules. I agree with you that "Group Policy " is a possible reason . So ,could you tell me how to make sure of that, I mean in Group Policy settings ? THANK YOU . Link to comment Share on other sites More sharing options...
xkajxkajx 3 Posted December 27, 2018 Author Share Posted December 27, 2018 (edited) Hi , I feel I'm totatlly ignored ?!?! Here I am asking enybody to remove the following entries from his/her registry to check and give me a feedback (AFTER BACKING THEM UP) : " 1-Open folder location , 2- Include in library and 3- Pin to start" in the context menu 1-Open folder location HKEY_CLASSES_ROOT\.symlink\shellex\ContextMenuHandlers\OpenContainingFolderMenu HKEY_CLASSES_ROOT\LibraryLocation\ShellEx\ContextMenuHandlers\OpenContainingFolderMenu HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers\OpenContainingFolderMenu HKEY_CLASSES_ROOT\RecentDocument\ShellEx\ContextMenuHandlers\OpenContainingFolderMenu HKEY_CLASSES_ROOT\Results\ShellEx\ContextMenuHandlers\OpenContainingFolderMenu 2- Include in library HKEY_CLASSES_ROOT\Folder\ShellEx\ContextMenuHandlers\Library Location HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\Library Location 3- Pin to start HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\PintoStartScreen HKEY_CLASSES_ROOT\exefile\shellex\ContextMenuHandlers\PintoStartScreen HKEY_CLASSES_ROOT\Microsoft.Website\ShellEx\ContextMenuHandlers\PintoStartScreen HKEY_CLASSES_ROOT\mscfile\shellex\ContextMenuHandlers\PintoStartScreen ************************************************************************************ ANOTHER IDEA If this is too much to ask then I would like to know how to edit NOD32 (HIPS rules) to BLOCK these entries from re-adding again when I reboot ? Can you give me only one example ? Thanx Edited December 28, 2018 by xkajxkajx Link to comment Share on other sites More sharing options...
Administrators Marcos 5,238 Posted December 27, 2018 Administrators Share Posted December 27, 2018 43 minutes ago, xkajxkajx said: I feel I'm totatlly ignored ?!? Quite the contrary. There is a handful of users who have been trying to help you. Your post was not left unanswered. Link to comment Share on other sites More sharing options...
xkajxkajx 3 Posted December 27, 2018 Author Share Posted December 27, 2018 Hi Marcos, You know what ? Today I tried to disable these entries in the safe mode . They never come back in the safe mode for almost 6 minutes simply because NOD32 IS NOT RUNNING THERE. Am I right ? 🤔 After rebooting to the real mode, they are not there for only 2 minutes .I was watch the harddisk light to see what's cooking. When the harddisk light is flashing now .It means something is going on. What is it? Right click a folder immediately and you will see the devil entries coming back . WHY?☹️😭 SIR, I HAVE NEVER EVER FACED LIKE THIS STUPID PROBLEM IN MY LIFE . I HAVE TRUSTED NOD32 FOR MANY YEARS. Frankly ,I'm tired of it. THANX Link to comment Share on other sites More sharing options...
Administrators Marcos 5,238 Posted December 27, 2018 Administrators Share Posted December 27, 2018 In safe mode, almost no application is running, not only ESET. On my machine I don't have those registry values and have ESET installed. Try the following: - in normal mode, delete the registry keys/values - run Procmon and select to create a boot log as per - reboot the machine - check the registry if the keys/values exist - stop logging in Procmon, save the log, compress it, upload it to a safe location and provide me with a download link. Link to comment Share on other sites More sharing options...
xkajxkajx 3 Posted December 28, 2018 Author Share Posted December 28, 2018 Hi, "On my machine I don't have those registry values and have ESET installed. " I don't get it .You mean you removed them ? I think they exist by default when you install Windows 10. You did't answer may previous question: How could you explain the "removed registry entries" won't come back again when ESET is not running in my notebook ? NOTE : I have a Symantec Ghost backup 3 monthes ago. When I restore it ,everything is perfect . As usual ,ESET is updating and upgrading (v.10 to v.12) and ask me to restart. I did restart and changes happen magically. Anyway, I did exactly as you told me and here you have the files. https://drive.google.com/open?id=1QAgMS85r-Rp2gOBX8-6meeAdwdRKUceBhttps://drive.google.com/open?id=1NrzcRWHse0wZHchrsi94lE3HfqxU9YSEhttps://drive.google.com/open?id=1IDJyrZNV0D8hv4qV_EvlnvnaD3gmDSwl https://drive.google.com/open?id=1UTVdI1cxCazBrXcosKnemr7r_6RrD9fehttps://drive.google.com/open?id=1InrWumi_e2iExdGzrO0DwtXJNicuSmzs Thanx Link to comment Share on other sites More sharing options...
ESET Insiders stackz 115 Posted December 28, 2018 ESET Insiders Share Posted December 28, 2018 @Marcos, I think you'll find the last log - Logfile1.7z - to be the log of interest. Link to comment Share on other sites More sharing options...
xkajxkajx 3 Posted January 8, 2019 Author Share Posted January 8, 2019 Hi, On 12/28/2018 at 9:19 AM, stackz said: @Marcos, I think you'll find the last log - Logfile1.7z - to be the log of interest. Could you please elaborate ? Some details ,please ! THANX Link to comment Share on other sites More sharing options...
xkajxkajx 3 Posted January 19, 2019 Author Share Posted January 19, 2019 Hi, I thought I was wrong when I said ESET IS MESSING UP WITH MY CONTEXT MENU.But here is another evidence. Desperately , I have made 2 registry shots for my pc using NirSoft's "RegistryChangesView.exe". One before updating ESET and the other is after that. After making comparison between the 2 shots, I have found a lot of changes in registry especially in my context menu. Many keys were added and modified and removed. You can see all changes in the " text file" I have uploded. RegistryChangesView.txt THE BIG QUESTION IS WHO DID THIS? YOU CAN NOT EVEN DELETE THEM " the ones in the ContextMenuHandler keys " FOR EVER. It seems I can not control my context menu anymore ! PLEASE , THIS DRIVES ME CRAZY . I AM REALLY DESPERATE AND DISAPPOINTED. NOTICE, I DID NOTHING BUT UPDATING ESET. I MEAN IT "NOTHING" . Thanks Link to comment Share on other sites More sharing options...
ESET Insiders stackz 115 Posted January 20, 2019 ESET Insiders Share Posted January 20, 2019 On 1/8/2019 at 11:01 PM, xkajxkajx said: Hi, Could you please elaborate ? Some details ,please ! THANX Logfile1 clearly shows ESET's service, ekrn.exe, creating the shellex keys and setting their default values. I've attached a jpeg image of the process monitor output for clarification. Link to comment Share on other sites More sharing options...
xkajxkajx 3 Posted January 20, 2019 Author Share Posted January 20, 2019 (edited) Hi stackz, Thank you for your cooperarion.You are a big help,but why ESET insist creating these registry keys ? and how to stop it from doing unwanted things? Is it because of security ? Frankly, I don't like it . P.S.: This applies to Windows 7 (64bit). Thankx Edited January 20, 2019 by xkajxkajx Link to comment Share on other sites More sharing options...
Recommended Posts