Of course this fingerprint app extension is listed by UVK. Pls refer to a part of copy of z current UVK log as below:
Image hijacks and Global context menus:
Format: Mode | Name | Destination file | Description | MD5 hash | File signature
<FileContextMenu> | File Information | C:\Program Files\UVK - Ultra Virus Killer\UVK_en.exe | Ultra Virus Killer | ABE7EEAC7746B246918CBA9A947A44DD | Signed : Carifred
<FileContextMenu> | Force Delete | C:\Program Files\UVK - Ultra Virus Killer\UVK_en.exe | Ultra Virus Killer | ABE7EEAC7746B246918CBA9A947A44DD | Signed : Carifred
<FileContextMenu> | Adobe.Acrobat.ContextMenu | C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll | Adobe Acrobat Context Menu | 6627085D0D35A33988B72013BFCE0E19 | Signed : Adobe Systems Inc.
<FileContextMenu> | PicaViewCtxMenuShlExt | C:\Program Files\Common Files\ACD Systems\PicaView\ACDSeePV.dll | PicaView Shell Extension | 184EC85F5F4BC12377D957BD1E1A1236 | Signed : ACD Systems International Inc.
<FileContextMenu> | Symantec.Norton.Antivirus.IEContextMenu | C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\NavShExt.dll | Norton Internet Security Shell Extension Module | DDFA1920436E2932A32C58925C98B63E | Signed : Symantec Corporation
<FileContextMenu> | tosBtShllExt | C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtShell.dll | TosBtShell | 24F88AC7328E47F5D72D9E943E3027F3 | Signed : TOSHIBA
<FileContextMenu> | VersionsPageShellExt | C:\Program Files (x86)\Acronis\TrueImageHome\x64\versions_page.dll | Versions Page | 66FC61A667A17D59E051E5C6651E8D16 | Signed : Acronis
<FileContextMenu> | WinCDEmu | C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll | WinCDEmu Explorer context menu module | 9A56471D724C1BB882E287926A9B022F | Signed : Sysprogs OU
<FileContextMenu> | WinRAR | C:\Program Files\WinRAR\rarext.dll | WinRAR shell extension | 083FB018FF4D8DA38D2211474837E17A | Signed : Alexander Roshal
<FileContextMenu> | WondershareVideoConverterFileOpreation | | No description | Hash error: File not found | Unsigned : No publisher
<FileContextMenu> | {C539A15A-3AF9-4c92-B771-50CB78F5C751} | C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll | Acronis True Image Shell Extensions | 7FF78317001D4541431FC2A8E16AB8FA | Signed : Acronis
<FileContextMenu> | MBAMShlExt | C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll | Malwarebytes Anti-Malware | 67A6EC1735C77C2623B49CC1F284C8A0 | Signed : Malwarebytes
<FileContextMenu> | SafearchiveContextMenu | C:\Program Files\Protector Suite\farchns.dll | PSQL file safe | BEB1516D36138FA3A7B25DB703F45353 | Signed : Authentec Inc.
<FolderContextMenu> | Adobe.Acrobat.ContextMenu | C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll | Adobe Acrobat Context Menu | 6627085D0D35A33988B72013BFCE0E19 | Signed : Adobe Systems Inc.
<FolderContextMenu> | MBAMShlExt | C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll | Malwarebytes Anti-Malware | 67A6EC1735C77C2623B49CC1F284C8A0 | Signed : Malwarebytes
<FolderContextMenu> | RUShellExt | C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll | Revo Uninstaller Pro Extension | D005CA23A102256187B8378873E44E63 | Signed : VS Revo Group
<FolderContextMenu> | Symantec.Norton.Antivirus.IEContextMenu | C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\NavShExt.dll | Norton Internet Security Shell Extension Module | DDFA1920436E2932A32C58925C98B63E | Signed : Symantec Corporation
<FolderContextMenu> | UltraISO | C:\Program Files (x86)\UltraISO\isoshl64.dll | ISOShell | 25609F6954DB8C81B9979C8B88F880A0 | Signed : EZB Systems, Inc.
<FolderContextMenu> | VersionsPageShellExt | C:\Program Files (x86)\Acronis\TrueImageHome\x64\versions_page.dll | Versions Page | 66FC61A667A17D59E051E5C6651E8D16 | Signed : Acronis
<FolderContextMenu> | WinCDEmu | C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll | WinCDEmu Explorer context menu module | 9A56471D724C1BB882E287926A9B022F | Signed : Sysprogs OU
<FolderContextMenu> | WinRAR | C:\Program Files\WinRAR\rarext.dll | WinRAR shell extension | 083FB018FF4D8DA38D2211474837E17A | Signed : Alexander Roshal
<FolderContextMenu> | {C539A15A-3AF9-4c92-B771-50CB78F5C751} | C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll | Acronis True Image Shell Extensions | 7FF78317001D4541431FC2A8E16AB8FA | Signed : Acronis
<FolderContextMenu> | ACDSee Ultimate 9.Manage | C:\Program Files\ACD Systems\ACDSee Ultimate\9.0\ACDSeeQVUltimate9.exe | ACDSee Ultimate 9 | 74683A6796CE64B8C18B4297527CE629 | Signed : ACD Systems International Inc.
<FolderContextMenu> | Force Delete | C:\Program Files\UVK - Ultra Virus Killer\UVK_en.exe | Ultra Virus Killer | ABE7EEAC7746B246918CBA9A947A44DD | Signed : Carifred
<FolderContextMenu> | mplayerc64.enqueue | C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe | MPC-HC x64 | 63F398707F254F7D4ED7617CE9D42A65 | Unsigned : MPC-HC Team
<FolderContextMenu> | mplayerc64.play | C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe | MPC-HC x64 | 63F398707F254F7D4ED7617CE9D42A65 | Unsigned : MPC-HC Team
<FolderContextMenu> | tosBtShllExt | C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtShell.dll | TosBtShell | 24F88AC7328E47F5D72D9E943E3027F3 | Signed : TOSHIBA
<FolderContextMenu> | UltraISO | C:\Program Files (x86)\UltraISO\isoshl64.dll | ISOShell | 25609F6954DB8C81B9979C8B88F880A0 | Signed : EZB Systems, Inc.
============ End of Image hijacks and Global context menus list. =============
As you can see all looks normal except 1 empty entry WondershareVideoConverterFileOpreation - it's just a leftover of z recently removed app. And frankly speaking I hardly understand why this Wondershare is yet listed by UVK, when it has been carefully removed by Revo with all leftovers and then I've also performed z careful manual cleanup of both win7 drive & win7 registry!
Of course I know Autoruns... and it's surely available in this win7...
and I've already tried to disable all 3-rd party shell extensions a number of times w/o effect.
Pls trust me that I can easily disable any of shell extensions by either latest versions' CCleaner or Autoruns (x86 or x64) or ShellExView or ShellMenuView.
Anyhow, yesterday I've removed a couple of those Wondershare apps and installed all 4 m$ updates offered... now just testing... pls hold on
UPDATE: oops, sorry, my fault - I've missed one entry of Wondershare in win7 registry. but now it's deleted. then forget about it.
Last edited by laidbacktokyo; 21 Sep 2016 at 11:04.
Thanks. I can't see any problem there.
RE: Wondershare & UVK log
It's possible to delete any entry listed in the results like this:
Code:
<UVKCommandsScript>
<SDelete>
<FileContextMenu> | WondershareVideoConverterFileOpreation | | No description | Hash error: File not found | Unsigned : No publisher
Any line can be copied into a script as above. If the above is pasted into a notepad document and then saved with the .uvk extension you can just run the script in UVK. (Run Scripts > Import Commands From File)
Additionally if you right click any saved .uvk script you can edit "Edit with log analyzer" and insert commands.
In this case the <SDelete> command deletes the listed entry bypassing the recycle bin. If for some reason it can't be deleted it will get deleted on reboot.
RE: Registry entries. Actually the UVK Registry Search is pretty decent.
RE: C:\Program Files\Protector Suite\farchns.dll
It's not the same .dll as listed in your dump. "qlbase.dll" - So it doesn't look suspect.
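The log triage discussed in the posts above, as an added example that is not part of the original thread or of UVK itself: it parses the six-field log format quoted earlier, flags entries that are unsigned or whose target file is missing, and builds an `<SDelete>` script only for the orphaned ones. The function names are hypothetical, and the one-item-per-line script layout is an assumption based on the script quoted in the post.

```python
import re
from dataclasses import dataclass

# Constructed sample: header, three entries and footer copied from the log quoted in the thread.
SAMPLE_LOG = r"""Format: Mode | Name | Destination file | Description | MD5 hash | File signature
<FileContextMenu> | WinRAR | C:\Program Files\WinRAR\rarext.dll | WinRAR shell extension | 083FB018FF4D8DA38D2211474837E17A | Signed : Alexander Roshal
<FileContextMenu> | WondershareVideoConverterFileOpreation | | No description | Hash error: File not found | Unsigned : No publisher
<FolderContextMenu> | mplayerc64.play | C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe | MPC-HC x64 | 63F398707F254F7D4ED7617CE9D42A65 | Unsigned : MPC-HC Team
============ End of Image hijacks and Global context menus list. =============
"""

@dataclass
class Entry:
    mode: str
    name: str
    path: str
    description: str
    md5: str
    signature: str
    raw: str  # original line, reused verbatim in a .uvk script

def parse_log(text):
    """Return an Entry for every line with six fields and a <Mode> tag."""
    entries = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("|")]
        if len(parts) == 6 and re.fullmatch(r"<\w+>", parts[0]):
            entries.append(Entry(*parts, raw=line.strip()))
    return entries

def triage(entry):
    """List the reasons an entry deserves a manual look (empty list = nothing flagged)."""
    reasons = []
    if not entry.path:
        reasons.append("no destination file")
    if not re.fullmatch(r"[0-9A-Fa-f]{32}", entry.md5):
        reasons.append("no hash: " + entry.md5)
    if entry.signature.lower().startswith("unsigned"):
        reasons.append("unsigned")
    return reasons

def orphaned(entries):
    """Entries whose target is gone: the only ones worth scripting for removal."""
    return [e for e in entries if not e.path and "File not found" in e.md5]

def build_sdelete_script(entries):
    """Assumed layout: header, <SDelete>, then one copied log line per orphaned entry."""
    return "\n".join(["<UVKCommandsScript>", "<SDelete>"] + [e.raw for e in orphaned(entries)])

if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        print(e.name, triage(e))
    print(build_sdelete_script(parse_log(SAMPLE_LOG)))
```

An unsigned entry whose file still exists (MPC-HC here) is reported for review but never added to the deletion script.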
1. ok. thanks for a short manual to some of UVK abilities. as I already mentioned once above it seems to be nice app.
2. well it would be good/suitable for me personally if a culprit won't be z UPEK fingerprint app.
3. z funniest news:
a) z issue doesn't come back yet as expected [usually it returns after some 1 day & explorer.exe process size - Memory (Private Working Set) - 80-100MB]; now it's same around 90MB for a quite long time but there is no problem with any place right clicks so far...
b) another issue with .net installer also gone.
so if it's all over I can't say if it's due to yesterday's Wondershare apps removed or m$ updates that changed versions of explorer.exe & shell32.dll applied.
please let me check around for at least a day more. ok?
thanks
UPDATE: oops... as usual it's premature to celebrate... z 1st main issue occurred again however z 2nd one confirmed gone
Last edited by laidbacktokyo; 21 Sep 2016 at 14:33.
Just a quick thought. How about checking msconfig > Startup tab?
Maybe it's possible to de-deselect that fingerprint app and reboot just for test purposes. Or maybe check what else is checked to launch on boot.
Start> Run then type msconfig and press Enter. Look at Startup Tab.
If there's no obvious suspect you can try this but it's a bit long winded:
Troubleshoot Application Conflicts by Performing a Clean Startup
thanks for idea. it's simple & nice.
I've disabled UPEK app @ win7 boot, and now testing...
p.s. of course, it's not disabled in full while some of its DLLs surely loaded... and at least I'm able to login into win7 in my regular way using fingerprint scanner but it's surely good for testing purposes...
UPDATE: oops... this way of testing w/o UPEK failed.... z issue occurred again even earlier @ explorer.exe process size around 70MB...
Finally I've removed fingerprint app completely w/leftovers and manual clean...
now again testing....
UPDATE#2: DAMN! z issue occurred again...
1. so it seems to be not fingerprint app fault!
2. here I should say again that this issue isn't explorer.exe CRASH in any way...
it mostly looks like some unclear CACHE problem! when a result is a broken view of z right click popup menu itself and later desktop itself... and explorer.exe freeze...
however, z same right clicked item looks perfectly normal in Explorer++ @ z time of issue occurrence... pls refer to 2 screenshots as attached below.
and again there is ABSOLUTELY no any events in win7 logs! absolutely!
z only couple of events recorded around z issue time in win7 system log were:
All EventID 7036 (one by one - up is sooner one)
The Adobe Flash Player Update Service service entered the running state.
The Adobe Flash Player Update Service service entered the stopped state.
The Multimedia Class Scheduler service entered the running state.
The Multimedia Class Scheduler service entered the stopped state.
3. frankly speaking now I don't have a good idea of what app to uninstall next
thanks
Last edited by laidbacktokyo; 22 Sep 2016 at 10:49.
howdy Callender,
well I guess there are good news...
now I believe that culprits of both problems found.
pls let me test all a day or so and then i'll duly report details here.
rgds,
Howdy Callender,
ok, here is z final report.
I) Z main issue of this thread:
First of all I wanna again stress that this issue is confirmed as absolutely odd and finally not linked to explorer.exe of win7 itself directly. That's why z kindly advised by you technique of making dumps of win explorer process thru a win7 registry patch neither worked nor z error events sent to any of standard win7 logs. Or vice versa.
Well, you've kindly made z helpful and correct guess that a culprit is likely one of win7 shell extension of some 3rd party app. Well, so it was finally confirmed but frankly speaking it was z last one I'd suspect.
Anyhow, it's z Toshiba Bluetooth (BT) Stack (TBTS) for Windows v8.0.0.12(T) released by Toshiba or earlier versions released by Dell itself like z assumed latest v700051D. And let me say that both were very popular apps to install as recommended to use with many of old USB BT cards including Dell ones like 350, 360 etc made before Dell switched to Broadcom and/or Intel chips/combined WiFi & BT cards.
a) common link to download that TBTS app & drivers for last years from win7 start is:
Download Toshiba
b) as far as I know z latest but earlier version of same TBTS app & drivers as released by Dell itself:
Dell Wireless 360 Module with Bluetooth 2.1 + EDR, v.v700051D, A00 Driver Details | Dell US
Pls let me confirm this culprit twice when I fortunately have quite many laptops with win7x64 installed just around, including z newest, w/o such BT hardware, and same old as M4300 like Dell M6300, which is same basically but equipped with at least twice more powerful NVidia card. So this issue has been clearly confirmed on all Dell's ones with win7x64.
Also pls let me prompt z public that I've duly performed all necessary uninstalls/installs/tests/etc to confirm that z formal culprit should be named as a TBTS win7 shell extension v7.0.0.4 (or earlier like v7.0.0.1) as named before @ UVK log:
tosBtShllExt | C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtShell.dll | TosBtShell | 24F88AC7328E47F5D72D9E943E3027F3 | Signed : TOSHIBA
but it's not so simple when I was lucky to surf z newest official TBTS version tc00632300g.exe (81.28M) v9.10.34T dated of 2015-07-28 here
http://www.support.toshiba.com/support/drivers which has been being tested for around a week to be free of this issue with its TosBtShell.dll is formally same v7.0.0.4.
OK. END OF MAIN STORY! Well pls be noted that I cannot guarantee that this newest TBTS version mentioned is free of issues but it works w/o main issue of this thread during a week. Thus let me assume this new version of TBTS just as acceptable. oops shall I now say f*ck toshiba or dell instead of regular f*ck m$ forever?????
P.S. BTW, I guess a lot of older PCs affected by this issue but it's found totally dependable on a way of use of pc/win7. If you do turn PC on & off once a day, and/or rarely/never use right clicks, especially on shortcuts listed in Win7 main button (left corner) > Recent Items (or just Recent) menu (if enabled) then there is no problem. Forget it. Z only reasonable way found to check if PC is affected by this issue is - pls right click one by one and repeat on all shortcuts listed at your PC recent documents. And if you'll get trouble with z right click popup menu like z pics above or otherwise - your PC is confirmed affected.
P.P.S. As far as I can remember all of my old Dell notebooks have been (more or less) plagued by this TBTS issue for years.
II) Oops shame on me I forgot about m$ .net fw installer trouble:
Same odd but better. It was all about also quite suitable 3rd party app Wondershare Video Converter Ultimate v8.3. This app unfortunately did use some of its own .net framework and likely interfered with m$ shit!!!!!! Now removed/replaced to ver. 8.8. and it seems ok/better.
Wondershare Video Converter Ultimate: Convert home-made videos & DVDs for Personal Use | OFFICIAL
end
Thanks a lot for patience and ideas.
I'm owing to you.
Rgds,
P.S. UVK app is surely nice.... Explorer++ portable is also ok.
Last edited by laidbacktokyo; 09 Feb 2017 at 11:08.
Thanks for the explanation as you've clearly put in some effort and it may help other users.