Hi igor,
For some time now, (System was configured w/COMODO CIS Firewall Free, latest version 5.10) the system would nearly freeze for about 30-50 seconds as, as you say, Explorer would call up rarext.dll and the two child processes. Only after some time passed, did the drop-down window open. At times, it would take two or more right-clicks to operate.
I put this down to the way COMODO would continually check a file against the cloud database; sometimes the return would take a bit of time.
Because of the negative impact on system performance, I, as I explained above, uninstalled WinRAR. Interesting to note, there was no entry in Add/Remove for this program. Successful removal also removed the several notations and links for WinRAR in the options drop-down box. BTW, to check the possibility that WinRAR was loading the rarext.dll at boot, I rebooted, I then chose not to open a shortcut by right-clicking, and instead went directly to the WinRAR folder to delete it, only to find the folder itself could not be deleted, as rarext.dll gave an "access denied" error when this operation was done in the administrator account. I think this indicates explorer.exe had been running this .dll since startup, and I did not want that.
So I removed it. Problem solved.
It would be nice if Avast! could break down running processes from the parent on down, so this aspect could be verified and monitored. If it had this option, I would have caught this much sooner, not four years later.
Reason I moved to Online Armor was due to the documented bug in COMODO Firewall and Avast! Otherwise I would not have found this.
EDIT: Sorry, misunderstood difference between a process and shell extension operand. Thanks for clarifying that. Still, the shell extension was loaded at startup, or seemed to be, anyway.