Spoolsv.exe high memory usage
I have a Windows 2000 SP4 box. The Spoolsv.exe memory usage constatly increases. If I stop and restart the service it responds as it should.
I have deleted all printer drivers; removed any references to printers in the registry; checked for viruses; replaced the Spoolsv.exe file with a known good one.
I have deleted all printer drivers; removed any references to printers in the registry; checked for viruses; replaced the Spoolsv.exe file with a known good one.
ASKER
Thanks for this suggestion. What is so strange is I have followed these directions and every other troubleshooting document I could find. Yet, nothing seems to work.
ok,,,, so u are trying to use only one printer right now..... what if u uninstall this printer, and install another printer(with updated drivers).... does the spoolsv.exe problem still exist ??
ASKER
Yes, I have uninstalled all the printers at this point. I also dowloaded the updated drivers and installed them without success. At this point I do not have any printers installed and yet the Spoolsv.exe is doing the same thing....go figure.
hmmmmmmm so how abt trying some suggestion from here >> http://www.annoyances.org/exec/forum/winxp/t1084676549
ASKER
Thanks:
I looked into the Microsoft image printing and it was not installed on the box.
I looked into the Microsoft image printing and it was not installed on the box.
hmmmmmmm then what else.... can we think abt reinstalling\reapplying only SP4 :-?
ASKER
Are you suggesting installing overtop of the current installatiion or uninstalling and then a reinstall?
installing overtop is enough i think..... coz it will reset all settings again as they were set when u first installed SP4 !!!!
ASKER
I reinstalled SP4 and no change. Uninstalled SP4 and Reinstalled and still no change. This is very strange.
go here and stop the unwanted services >> http://www.blackviper.com/WIN2K/servicecfg.htm
if same issue then try this, Download HijackThis v1.98.2, run it, Save the LOG file and Post it here:
http://tools.radiosplace.com/HijackThis.exe
if same issue then try this, Download HijackThis v1.98.2, run it, Save the LOG file and Post it here:
http://tools.radiosplace.com/HijackThis.exe
ASKER
Here it is:
Logfile of HijackThis v1.97.7
Scan saved at 9:53:05 AM, on 9/2/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
Z:\ImLua.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\PDesk\PD
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINNT\system32\SxgTkBar
C:\PROGRA~1\Adaptec\Direct
C:\WINNT\System32\dpmw32.e
C:\WINNT\system32\NWTRAY.E
C:\Program Files\Real\RealPlayer\real
C:\Program Files\Real\RealJukebox\tsy
C:\Nemis\bin\javaw.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common Files\Mediafour\MACVNTFY.E
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\PROGRA~1\Adaptec\EASYCD
C:\WINNT\system32\NALWIN32
C:\WINNT\twain_32\Fjscan32
C:\Program Files\Iomega\Tools_NT\IMGI
C:\WINNT\system32\naldesk.
C:\VREDISCOV\FXP.WIN\red.e
J:\HijackThis.exe
R0 - HKCU\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
O1 - Hosts: 198.76.128.82 zenwsimport
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\system32\PDesk\PD
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\Direct
O4 - HKLM\..\Run: [NDPS] C:\WINNT\System32\dpmw32.e
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\real
O4 - HKLM\..\Run: [RealJukeboxSystray] "C:\Program Files\Real\RealJukebox\tsy
O4 - HKLM\..\Run: [NEMIS] C:\Nemis\bin\javaw -cp "c:\nemis\lib\nemis.jar" -DmulticastGroup="231.1.1.
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.E
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bi
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD
O4 - HKCU\..\Run: [Win32 USB2 Driver] smsc.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad
O4 - Global Startup: Fujitsu Scanner Control Center.lnk = C:\WINNT\twain_32\Fjscan32
O4 - Global Startup: Getting Started with MacDrive 5.lnk = C:\Program Files\Mediafour\MacDrive5\
O4 - Global Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools_NT\IMGI
O4 - Global Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools_NT\star
O4 - Global Startup: Logo Calibration Loader.lnk = C:\PROGRA~1\GRETAG~1\i1\Ca
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\Re
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugi
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.
O12 - Plugin for .swf: C:\Program Files\Netscape\Communicato
O12 - Plugin for .TIF: C:\Program Files\Internet Explorer\PLUGINS\npqtplugi
O14 - IERESET.INF: START_PAGE_URL=http://staffonly.nara.gov
O16 - DPF: {9F1C11AA-197B-4942-BA54-4
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C
Logfile of HijackThis v1.97.7
Scan saved at 9:53:05 AM, on 9/2/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
Z:\ImLua.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\PDesk\PD
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINNT\system32\SxgTkBar
C:\PROGRA~1\Adaptec\Direct
C:\WINNT\System32\dpmw32.e
C:\WINNT\system32\NWTRAY.E
C:\Program Files\Real\RealPlayer\real
C:\Program Files\Real\RealJukebox\tsy
C:\Nemis\bin\javaw.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common Files\Mediafour\MACVNTFY.E
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\PROGRA~1\Adaptec\EASYCD
C:\WINNT\system32\NALWIN32
C:\WINNT\twain_32\Fjscan32
C:\Program Files\Iomega\Tools_NT\IMGI
C:\WINNT\system32\naldesk.
C:\VREDISCOV\FXP.WIN\red.e
J:\HijackThis.exe
R0 - HKCU\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
O1 - Hosts: 198.76.128.82 zenwsimport
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\system32\PDesk\PD
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\Direct
O4 - HKLM\..\Run: [NDPS] C:\WINNT\System32\dpmw32.e
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\real
O4 - HKLM\..\Run: [RealJukeboxSystray] "C:\Program Files\Real\RealJukebox\tsy
O4 - HKLM\..\Run: [NEMIS] C:\Nemis\bin\javaw -cp "c:\nemis\lib\nemis.jar" -DmulticastGroup="231.1.1.
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.E
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bi
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD
O4 - HKCU\..\Run: [Win32 USB2 Driver] smsc.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad
O4 - Global Startup: Fujitsu Scanner Control Center.lnk = C:\WINNT\twain_32\Fjscan32
O4 - Global Startup: Getting Started with MacDrive 5.lnk = C:\Program Files\Mediafour\MacDrive5\
O4 - Global Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools_NT\IMGI
O4 - Global Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools_NT\star
O4 - Global Startup: Logo Calibration Loader.lnk = C:\PROGRA~1\GRETAG~1\i1\Ca
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\Re
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugi
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.
O12 - Plugin for .swf: C:\Program Files\Netscape\Communicato
O12 - Plugin for .TIF: C:\Program Files\Internet Explorer\PLUGINS\npqtplugi
O14 - IERESET.INF: START_PAGE_URL=http://staffonly.nara.gov
O16 - DPF: {9F1C11AA-197B-4942-BA54-4
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] smsc.exe
==========================
check these lines and click on Fix Checked !!
then go here coz this line(O4 - HKCU\..\Run: [Win32 USB2 Driver] smsc.exe) shows that ur ur system is infected with WORM_SDBOT.NM >> http://it.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_SDBOT.NM
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] smsc.exe
==========================
check these lines and click on Fix Checked !!
then go here coz this line(O4 - HKCU\..\Run: [Win32 USB2 Driver] smsc.exe) shows that ur ur system is infected with WORM_SDBOT.NM >> http://it.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_SDBOT.NM
ASKER
Update:
Used the Windows 2000 disk to repair the OS. This resolved the issue.
Used the Windows 2000 disk to repair the OS. This resolved the issue.
ASKER
I resolved this issue by running a repair using the os disk.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Check the suggestions here to Cleanup the printer drivers and resetting the spoolsv.exe service >> http://members.shaw.ca/bsanders/CleanPrinterDrivers.htm
!! GOOD LUCK !!