I have been having some issues with explorer.exe hanging when I create a new folder.

If I use Analyse Wait Chain in the Resource Monitor it says "One or more threads of explorer.exe are waiting to finish network I/O".

When I look at the offending thread in Process Explorer it reveals nothing interesting:

ntdll.dll!ZwWaitForMultipleObjects+0xa 
KERNELBASE.dll!GetCurrentThread+0x36 
kernel32.dll!WaitForMultipleObjectsEx+0xb3 
USER32.dll!PeekMessageW+0x1cd 
USER32.dll!MsgWaitForMultipleObjectsEx+0x2a 
USER32.dll!MsgWaitForMultipleObjects+0x20 
SHELL32.dll!SHAppBarMessage+0x41e 
SHELL32.dll!DragAcceptFiles+0x2a3c 
SHELL32.dll!DragAcceptFiles+0x2a4f 
SHELL32.dll!Ordinal211+0x124 
SHELL32.dll!SHChangeNotification_Unlock+0x12f4 
USER32.dll!GetSystemMetrics+0x2b1 
USER32.dll!IsDialogMessageW+0x19b 
USER32.dll!IsDialogMessageW+0x1e1 
ntdll.dll!KiUserCallbackDispatcher+0x1f 
USER32.dll!PeekMessageW+0xba 
USER32.dll!PeekMessageW+0x89 
SHELL32.dll!SHChangeNotification_Unlock+0xd9f 
SHELL32.dll!Ordinal885+0x1407 
SHLWAPI.dll!SHRegGetUSValueW+0x306 
kernel32.dll!BaseThreadInitThunk+0xd 
ntdll.dll!RtlUserThreadStart+0x21

While I was looking at the explorer.exe threads I did notice a fair few that talk about ETW (Event Tracing for Windows) so obviously explorer.exe uses tracing.

So I decided to try and user TraceView.exe to try and listen in on the explorer.exe traces.

The problem is TraceView requires some difficult-to-come-by stuff... either pdbs, or CTL files, and .TMF files. I tried using the explorer.pdb that comes with the Windows SDK but that did not work. I do not see explorer.exe in the "named providers". And I have no idea where to locate the ctl or .TMF files for explorer.exe.

So the question is: Is there a way to view the ETW trace messages from explorer?

Or shall I just not bother and go back to the age old technique of disabling every explorer extenion one-by-one in the hope its one of them. (Prefer the former as I like to get to the bottom of things!!)