Explorer at 100%, kernel32.dll the culprit?

[Daedal]

I'm running XP Pro x64. Any time i do big transfers, Explorer.exe skyrockets to 50% CPU (I'm running dual core, none of my applications breach the second core, i don't know if that's normal). Anyways, the thread that takes up all of it is labeled "kernel32.dll+0x2b6e0" If I simply kill the thread, the problem is resolved, and it resolves it self after a while (I'd say 40 minutes to a few hours) if I don't stop it. But I'm wondering if there is some sort of fix? This never happened on my x32 box. So I'm assuming it's me and x64 not agreeing. Help is much appreciated.

 

[Osiris]

Just a shot in the dark, post a hijackthis log just to make sure nothin is in there that shouldnt be

 

[Daedal]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:15:50 PM, on 6/19/2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
E:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
E:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files (x86)\TuneUp Utilities 2009\MemOptimizer.exe
E:\Program Files (x86)\Java\jre6\bin\jqs.exe
E:\Program Files (x86)\Java\jre6\bin\jusched.exe
E:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O2 - BHO: MySpace Toolbar - {28AED1AF-B164-44CD-B435-CF04AA955015} - E:\Program Files (x86)\MySpace\Toolbar\1.0.45.0\MySpaceToolbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MySpace Toolbar - {28AED1AF-B164-44CD-B435-CF04AA955015} - E:\Program Files (x86)\MySpace\Toolbar\1.0.45.0\MySpaceToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "E:\WINDOWS\IME (x86)\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [PeerGuardian] E:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "E:\Program Files (x86)\TuneUp Utilities 2009\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Locate32 Autorun.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: e:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: e:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1244157582140
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - E:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - E:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - E:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - E:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: Event Log (Eventlog) - Unknown owner - E:\WINDOWS\system32\services.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - E:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - E:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files (x86)\Java\jre6\bin\jqs.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - E:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - E:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - E:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - E:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - E:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - E:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - E:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - E:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - E:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - Unknown owner - E:\WINDOWS\System32\TuneUpDefragService.exe (file missing)
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - Unknown owner - E:\WINDOWS\System32\TUProgSt.exe (file missing)
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - E:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: Virtual Disk Service (vds) - Unknown owner - E:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - E:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - E:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - E:\WINDOWS\system32\vmnat.exe
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - E:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - E:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)


Thats weird, it says i'm running win2003? anyways. there it is, the whole file missing thing kinda worries me too..

 

[Osiris]

just ignore those missing files, its ok....

Well the log actually looks fine

Do you remember if this issue happened before you installed any programs such as VMWare?

 

[Daedal]

Yep, its happened before then, it seems to happen when large amounts of small files are copied as well, like i just upgraded to FF 3.5 and it spiked, If i end the thread that causes the spike, i have to manual refresh. and only when i restart explorer after a spike, will it show that i have successfully moved the files. So i'm thinking that the thread has something to do with indexing maybe?

 

[Osiris]

Usually I make a copy of my explorer.exe file and upload it to someone that has these issues but I'm not running 64bit so maybe someone here can do that.

Have you tried a repair yet?

 

[Daedal]

Well, i havent actually taken it in anywhere, but i've tried all the repairs i know off, i'm thinking i'll pull a sfc /scannow to see if that helps.

 

[Osiris]

Any luck?

 

[Daedal]

Well, haven't copied anything big, i turned off indexing since i use a 3rd party app called locate32 for my indexing. But a few of the files were locked. I noticed that indexing was not installed, and the service was not started, but yet my files were set for indexing on my main partition, could this be the problem?

 

[Osiris]

Not sure, I don't use Indexing, it's disabled