Windows Legacy OS forum

General discussion

XP Pro SP2, AMD 1200, spoolsv.exe 100% CPU utilization.

by hbi1000 / November 22, 2005 11:56 AM PST

HiJack This Profile:
Logfile of HijackThis v1.99.1
Scan saved at 2:38:42 PM, on 11/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hijack This\HijackThis.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\1stClock\1stClock.exe
C:\Program Files\Iarsn\TaskInfo 6.x\TaskInfo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [NVIDIA nTune] ''C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe'' clear
O4 - HKLM\..\Run: [NVMixerTray] ''C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe''
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StorageGuard] ''C:\Program Files\VERITAS Software\Update Manager\sgtray.exe'' /r
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Hijack This\HijackThis.exe /startupscan
O4 - Startup: 1st Clock.lnk = C:\Program Files\1stClock\1stClock.exe
O4 - Startup: Task Info.lnk = C:\Program Files\Iarsn\TaskInfo 6.x\TaskInfo.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Atomica... - file:C:\PROGRA~1\Atomica\ATOMIC~1\Html\griemenu.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005.SR3\RpcSandraSrv.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

This profile, however, does not reflect the CPU utilization of 97 to 100% constantly while the spoolsv.exe is running. I've checked and it is the valid 52KB .dll file and not a virus/worm (I've even replaced it from another XP SP2 machine). I cannot seem to locate the cause of the problem. The machine, of course is very SLOWWWW, 5 minutes for a 50 millisecond response. I've disabled the spoolsv.dll by temporially renaming it, and the machine runs almost perfectly; excepting the fact I cannot load any printers. Which, by the way, on one of my forays into the depths of the machine I noticed it had 6 LPT1's assigned to it; however, no printer has yet to be attached to the machine. I'd appreciate any thoughts, direction, or advice (other than reload the OS and apps.) thanks.

Discussion is locked
You are posting a reply to: XP Pro SP2, AMD 1200, spoolsv.exe 100% CPU utilization.
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: XP Pro SP2, AMD 1200, spoolsv.exe 100% CPU utilization.
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
We don't normally evaluate HJT logs
by MarkFlax Forum moderator / November 22, 2005 8:26 PM PST

Sorry, but it takes a lot of time, effort and expertise to evaluate such logs, and the volunteers here are generally unable to go through them unless they have specifically asked for the logs.

Have a look at this post;

However I have to ask, if you have solved the problem by disabling spoolsv.dll by renaming the file, and if there are no printers attached to the computer, then why not disable the spoolsv.exe from automatically starting in the Computer Management Console, (Right click My Computer, select Manage, then "Services and Applications" > Services > Print Spooling, set to manual by right clicking, select Properties and changing Startup type).

It may be that as there are no printers attached, the Spoolsv.exe is searching for printers, and not finding any.

What shows up in Start > Printers & Faxes?

I have run your HJT log through an online analyser here;
and it didn't show up anything striking but I am no expert on HJT log analysing; you can try this yourself but beware your own limitations.

Good luck,


Collapse -
SOLVED by the obvious, Thank you.
by hbi1000 / November 22, 2005 11:24 PM PST

Hi Mark,
Man, do I feel like a newbie; your question of "What shows up in Start > Printers & Faxes?" was were I should have looked first; and, of course, that is where I found a misc. print job waiting to print. No wonder the print spooler was going crazy. I've spent 4 days trying to figure this thing out, and my thanks to you for pointing out the obvious.

I also was unaware of the HiJackThis analysis web site, I ran my profile through and was surprised by the feedback, but as you say, watch out for what you don't know.

Thank you very much for your insight and advice; please pat yourself on the back for me, as I'm much more relaxed now that this is solved. Can you advise me of any other, perhaps more technically oriented forums, that are knowledgeable and responsive, in case I need in-depth future advice? Thanks again, and have a good holiday.

Michael (hbi1000)

Collapse -
Follow-up on previous thank you.
by hbi1000 / November 22, 2005 11:29 PM PST

I read the HJT post you recommended and I take it those are the technical forums I will go to should I need them in future. Thanks again for your time and solution.

Collapse -
You're welcome
by MarkFlax Forum moderator / November 23, 2005 12:09 AM PST

and I'm glad you got the spoolsv service sorted out.

Yes those HJT links are good for sorting out heavy malware infections on a computer. But in these forums there are plenty of people who have a lot more technical expertise than myself for all other matters, like hardware and system problems/questions.

Also, in our Virus & Security Alerts forum here;
there are experts to help you out on virus matters and anti-malware utilities in general.

The HJT log forums tend to deal with mass infections of a system although I am sure they have the same expertise in other matters that we do.


Popular Forums
Computer Newbies 10,686 discussions
Computer Help 54,365 discussions
Laptops 21,181 discussions
Networking & Wireless 16,313 discussions
Phones 17,137 discussions
Security 31,287 discussions
TVs & Home Theaters 22,101 discussions
Windows 7 8,164 discussions
Windows 10 2,657 discussions


Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?