On 3/28/2024 4:10 PM, David E. Ross wrote:
> Is there a file or registry entry where I can edit the context menu I
> see when right-clicking on a file or folder?
>
> I have AVG AntiVirus Free installed. When I right-click on a file or
> folder, the context menu shows "Scan selected items for viruses" but
> without any icon. That means I have to read the text for each context
> item to locate AVG's link. I want to edit the item to show AVG's icon,
> which would speed my ability to locate that link.
>

The documentation on the web, shows one way to load a Shell Extension.
The procedure is relatively verbose. A person can see the registry
preference pointing to an icon source. Such a procedure makes
it possible for the (power) user to interact, and replace the icon
if damaged or incorrect.

What I'm finding though, is from a trace perspective, I'm not finding
that same "nice" procedure for AVG. There seems to be more than one
way to support a ShellEx.

AVG seems to have a shell extension (ashshell). You would think it would be
loaded into Explorer, but doing the trace, I can't really be
sure who it is loading into. There is also a "server" which AVG might
rendezvous with.

Now, what's interesting in your situation, is I did a Boot Trace
using Process Monitor. I had to select an older version, to try
to get procmon23.dll hidden injection to load. And I could hardly
tell what was alternately blocking it and allowing it to inject.
It's not necessarily AVG, and seems to be some patching some
twit did at Microsoft (without that individual alerting the
people who support Sysinternals ProcMon). At one time, doing
a Boot Trace actually worked well enough, anyone could use it.
It's a bit twitchy now and... annoying.

In any case, I got a trace. At 32 seconds into the Boot Trace,
I can see ashshell.dll load, and the CLSID is labeled as belonging
to the AVG shell extension.

Right before ashshell.dll starts to load (readfile, in chunks), there
is access to iconcache.db . Each OS has a slightly different design.
Windows 7 has a single file. Later OSes have a file-per-icon-size,
which is both nice and nasty. Nice, in that you would expect for
a ShellEx, a "certain size" of icon would be desired, and then
seeing it read that icon-size-file would help prove it was
fetching a context menu icon. Nasty, in that when you need to
rebuild your iconcache, you have to be careful what you delete.

We don't have that in this case. There is a tool which can
read iconcache.db , but it is a paid tool.

Summary: I think your issue is tied to iconcache.db .
There are procedures for "rebuilding" the iconcache.db.
Doing this requires a backup of C: first, because this
activity can end badly (one dude managed to bust his boot!).
In any case, your missing icon may actually be "living"
in an ever-so-slightly damaged iconcache.db . Without a utility
to reliably read iconcache.db , we cannot compare my working
iconcache.db, to your file.

The iconcache.db has a size which is defined by a registry setting.
If the actual collection of icons on your machine was too big,
the iconcache may need to be expanded.

[Picture] Original GIF file around 1,095,678 bytes

https://i.postimg.cc/zDsjkv77/Win732-AVG-Boot-32seconds-shellex-interest.gif

[Picture] The CLSID in the trace, around the interesting bit, Regedit entry is here

https://i.postimg.cc/dVqGWyy2/AVG-Shellex-CLSID.gif

click Download Original, if you cannot view the image as you would like.

Paul