Virus spoolsv.exe Solved

Question

Hello, I have an active process named spoolsv.exe that is using 99% of my machine's resources. If I end it, it restarts immediately even after system boot. I think it might be a "trojan" type virus. I have Norton Antivirus 2005 which does not seem to detect it even after a scan. What should I do to get rid of it? Thank you in advance for your help.Configuration: XP HOME

Halala · Accepted Answer

"spoolsv.exe est un exécutable système de Microsoft Windows qui gère le processus d'impression vers vos imprimantes locales. Note : spoolsv.exe est également un processus qui est enregistré comme le cheval de Troie Backdoor.Ciadoor.B. Ce cheval de Troie permet aux attaquants d'accéder à votre ordinateur, volant des mots de passe et des données personnelles. C'est un risque de sécurité enregistré et il doit être supprimé immédiatement." Bien, en français, spoolsv.exe s'occupe de l'impression, mais est aussi connu comme le cheval de Troie Backdoor.Ciadoor.B. Un bon antivirus ou un scan en ligne permettrait je pense de trancher...( j'ai dit un BON antivirus...nan, j'déconne, j'ai aussi Norton...lolll) Le fichier spoolsv.exe est normalement localisé dans c:\windows\System32, s'il est ailleurs, ça doit mettre la puce à l'oreille...

bugslt · Answer

Hello   Go there and give me news http://www.trojaner-info.de/anleitungen/hijackthis/about_blank.html  bugslt

moe · Answer

Hi bugsit  The program you mentioned (sphjfix) is only valid for one type of infection, about:blank (and there are many of them), no need to post the link on threads that have nothing to do with the topic ;-)   See you+

bugslt · Answer

Hi   I know, but you have to start with something to understand all the problems, and sometimes you have to try several times.   bugslt

Glop · Answer

The solution is very simple: go to WINDOWS\system32\PRINTERS and delete everything  the virus disappears completely

zerocool · Answer

Hello everyone, I'm responding a little bit later, but actually, I had the same problem and I came across this post. Having found the solution, I wanted to share it in case someone else stumbles upon the forum. So here it is, first of all, it’s a worm that causes all this, the worm is called Gaobot, well-known for its multiple variants. And everyone says, yes, but why can't I detect it, it’s very simple actually: the worm is located in system32/spool/printer/ and there is one of the files, generally the only one, which is .spl, for example 00008.spl. So it’s not the .exe that is located in system32 because it is only present when the process is active, so the solution is to terminate the process first (without danger), or start in safe mode. It is recommended to disable system restore even though I didn’t need to (I remind you that many versions of this worm exist). Anyway, once that’s done, you scan with a good antivirus (the online ones don’t always work for this problem) or clean the printer folder (mentioned above). There you go, you restart, the process starts up again but your CPU usage should be between 0 and 3% approximately. Good luck everyone and I hope this helps you.

regis59 · Answer

Hi, download hijackthis here: https://www.commentcamarche.net/telecharger/securite/11747-hijackthis/ Help is here: https://www.zebulon.fr/dossiers/securite/56-analyse-rapports-hijackthis.html  Unzip it into a folder designated for that purpose. For example C:\hijackthis launch it then: click on "do a system scan and save logfile" copy and paste the entire log on the forum.

toune2803 · Answer

I have the same issue from the startup of my PC, I get "" ...cannot find c:/WINDOWS/SPOOLSV.ENE""   I know it's not a Windows component since it's not in system32   I did a hijackthis and here's the report, it's Chinese to me:    Logfile of HijackThis v1.99.1  Scan saved at 16:26:19, on 11/12/2006  Platform: Windows XP SP2 (WinNT 5.01.2600)  MSIE: Internet Explorer v7.00 (7.00.5730.0011)   Running processes:  C:\WINDOWS\System32\smss.exe  C:\WINDOWS\system32\winlogon.exe  C:\WINDOWS\system32\services.exe  C:\WINDOWS\system32\lsass.exe  C:\WINDOWS\system32\svchost.exe  C:\WINDOWS\System32\svchost.exe  C:\WINDOWS\explorer.exe  C:\WINDOWS\system32\spoolsv.exe  C:\Program Files\ewido\security suite\ewidoctrl.exe  c:\Program Files\Common Files\LightScribe\LSSrvc.exe  C:\WINDOWS\system32
vsvc32.exe  C:\WINDOWS\system32\svchost.exe  C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe  C:\windows\system\hpsysdrv.exe  C:\WINDOWS\system32\hphmon06.exe  C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe  C:\Program Files\InterVideo\Common\Bin\WinRemote.exe  C:\WINDOWS\ALCXMNTR.EXE  C:\WINDOWS\system32undll32.exe  C:\Program Files\Logitech\Video\LogiTray.exe  C:\WINDOWS\VM_STI.EXE  C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe  C:\WINDOWS\system32undll32.exe  C:\Program Files\Picasa2\PicasaMediaDetector.exe  C:\Program Files\iTunes\iTunesHelper.exe  C:\Program Files\QuickTime\qttask.exe  C:\HP\KBD\KBD.EXE  C:\Program Files\HP\HP Software Update\HPWuSchd2.exe  C:\WINDOWS\system32\NotifyPhoneBook.exe  C:\Program Files\Player Video TF1	f1.exe  C:\Program Files\Macrogaming\SweetIM\SweetIM.exe  C:\Program Files\Skype\Phone\Skype.exe  C:\Program Files\Shareaza\Shareaza.exe  C:\WINDOWS\system32\ctfmon.exe  C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe  C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-be\bin\WindowsSearch.exe  C:\WINDOWS\system32\LVComS.exe  C:\Program Files\iPod\bin\iPodService.exe  C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-be\bin\WindowsSearchIndexer.exe  C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe  C:\Program Files\MSN Messenger\msnmsgr.exe  C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe  C:\WINDOWS\System32\svchost.exe  C:\WINDOWS\system32\svchost.exe  C:\Program Files\JCA2000\StopPub\StopPub.exe  C:\Program Files\Internet Explorer\iexplore.exe  C:\WINDOWS\system32\wisptis.exe  C:\Program Files\WinRAR\WinRAR.exe  C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\Rar$EX00.203\HijackThis.exe   R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links  R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)  R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)  R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll  F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\SPOOLSV.EXE  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx  O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll  O2 - BHO: (no name) - {1C8640B9-1625-6C24-7AF2-210BABCD569B} - (no file)  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll  O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll  O2 - BHO: MSN Search Helper Toolbar - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-be\msntb.dll  O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-be\msntb.dll  O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll  O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup  O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect  O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe  O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe  O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"  O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"  O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE  O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE  O4 - HKLM\..\Run: [AME_CSA] rundll32 csa.cpl,RUN_DLL  O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe  O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe  O4 - HKLM\..\Run: [ewidoguard] "C:\Program Files\ewido\security suite\ewidoguard.exe"  O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Thrustmaster USB PC Camera  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe  O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe  O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime  O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE  O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe  O4 - HKLM\..\Run: [tf1] C:\Program Files\Player Video TF1	f1.exe  O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe  O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized  O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray  O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart  O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe  O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe  O4 - Global Startup: Quick Start of HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe  O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe  O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE  O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-be\bin\WindowsSearch.exe  O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html  O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-be\msntb.dll/search.htm  O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZS  O8 - Extra context menu item: E&xporter to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000  O8 - Extra context menu item: Open in a background new tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-be\msntabres.dll/229?f7e938d72f94481a29bbce7717cf782  O8 - Extra context menu item: Open in a foreground new tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-be\msntabres.dll/230?f7e938d72f94481a29bbce7717cf782  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll  O9 - Extra 'Tools' menuitem: Java Console (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll  O9 - Extra button: Stop Ad - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\JCA2000\StopPub\StopPub.exe  O9 - Extra 'Tools' menuitem: Stop Ad - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\JCA2000\StopPub\StopPub.exe  O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm  O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe  O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)  O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)  O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)  O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)  O11 - Options group: [INTERNATIONAL] International*  O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)  O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab  O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} - http://mm.tf1.fr/superdistribution/installer2.cab  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab  O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab  O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://www.aprr.fr/fr/preparation_au_voyage/temps_reel/webcams  O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/msnmessengersetupdownloader.cab  O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} - http://by104fd.bay104.hotmail.msn.com/activex/HMAtchmt.ocx  O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab  O17 - HKLM\System\CCS\Services\Tcpip\..\{4AD871FC-47C2-4DA7-BBB0-8F6398324FFA}: NameServer = 195.238.2.21 195.238.2.22  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll  O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll  O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)  O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe  O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe  O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

sou||ess · Answer

I had the same problem with a client, but since spoolsv is linked to printer functions, it's the printer that is causing the issue. To fix it, clear the document queue or unplug the printer.  spoolsv.exe IS NOT A VIRUS. And that's why terminating the process doesn't help.  In case of panic, remove the printer completely.

sahsouh45 · Answer

Hi,  Well, guys, it's really slow when I print because the spoolsv.exe process is using 100% of the CPU. I can't do anything. There's no virus and there are no pending print jobs. Please help me because this is starting to annoy me.

k · Answer

Good evening everyone! Simple and quick solution to implement: *)  1 - Stop the "print spooler" service (PWork\manage\services) 2 - Create 1 batch: > net start spooler 3 - Create a second one with: > net stop spooler  --In 1 - the service is stopped, no printing possible but NO WORRIES! --In 2 - click click on your 1st batch named "startspool" for example, so your service starts when you want to print. --And 3 - click on the other batch to stop your service again! Personally, I don't print often, it might be annoying for crazy printers!  See you later, hoping I helped you (cosilovedaweed!)

bibi9595 · Answer

SPOOLSV must be a worm, I say this because I've never installed a printer and it's still trying to do it??-_-' and since when does a printing program need to connect to the internet to be able to print?? I conclude that a worm has the same name and must be harmful... now how to remove it...

AlainF · Answer

[RESOLU] Hello,  in my case: error at startup of the PC "spoolsv.exe" "unable to complete the operation";  no detection with antivirus, no printer in the folder and unable to install one!!!  the solution is on the page: http://support.microsoft.com/kb/324757/en of Microsoft support  this fix eliminated the spoolsv.exe error message at startup of the PC and I installed my three printers without any problem  Thanks again for your forum

Galileo · Answer

Indeed, if I tell my firewall to deny access to this file, my printer won't print. This file is located in my WINNT/system/32.

DTEC · Answer

Thank you for the information, it saved me a lot of time.  Have a nice day and THANK YOU

ben · Answer

Hello everyone help I'm overwhelmed, I can't do anything with my computer I don't understand anything anymore here's the thing that analyzes the computer help me thank you in advance  Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:19:22, on 04/01/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal  Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\avp.exe C:\WINDOWS\lsass.exe C:\WINDOWS\mgrs.exe C:\Program Files\Common Files\Real\Update_OBealsched.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\avp.exe C:\WINDOWS\lsass.exe C:\Program Files\Common Files\Real\Update_OBealsched.exe C:\Acer\Empowering Technology\eRecovery\Monitor.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\VM305_STI.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\VM305_STI.EXE C:\Acer\Empowering Technology\eRecovery\Monitor.exe C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32
vsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32undll32.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32	askmgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\PROGRA~1\WINZIP\winzip32.exe C:\Documents and Settings\khaled\Desktop\HijackThis.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\khaled\Local Settings\Temp\HijackThis.exe  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links F3 - REG:win.ini: load=C:\WINDOWS\system32\mljjj.exe O2 - BHO: (no name) - {2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F} - C:\Program Files\Outerinfo\Outerinfo.dll (file missing) O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Assistant Helper Program - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O2 - BHO: (no name) - {C03DDD40-B6CD-4D42-82C6-7556F51B4C42} - C:\WINDOWS\system32\mljjj.dll O2 - BHO: (no name) - {FD03C949-1F23-41EA-B53A-C31EE0154454} - C:\WINDOWS\system32\yayvuss.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: Systran40premi.IEPlugIn - {D3919E1A-D6A5-11D6-AC3E-00B0D094B576} - C:\Program Files\Systran\4_0\Premium\IEPlugIn.dll O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe O4 - HKLM\..\Run: [lsass] C:\WINDOWS\lsass.exe O4 - HKLM\..\Run: [smgr] mgrs.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OBealsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7
tiMUI.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvxub.dll,startup O4 - HKLM\..\Run: [Conjugaison] C:\Documents and Settings\khaled\My documents\boutheina\Conjugaison 4.70\Install\conjLauncher.exe O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305) O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" /background O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Google Update Tool.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Java Console (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Search - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://mail.fcconseil.com/teletravail/clients/wficat.cab O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.66.155.171.107.downloads.estara.com./as/OneCCDM.php?template=41001&sessionid=2015393908_86.68.124.146_1509&=&req=1191566910765OneCC.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/NewUploader/ImageUploader4.cab O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-fr.cab O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://photoways.com/clients/uploader_v2.1.0.53.cab O20 - Winlogon Notify: winccf32 - C:\WINDOWS\SYSTEM32\winccf32.dll O20 - Winlogon Notify: yayvuss - C:\WINDOWS\SYSTEM32\yayvuss.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe  -- End of file - 9131 bytes

Quesnel · Answer

norton is a virus gateway, it detects them but doesn't remove them, so go with nod32.

poupou · Answer

I have the spoolsv.exe process and I'm not sure if I should end it or not. Thank you for your response.

yan · Answer

I also have this problem, and my CPU is always at 100%, I don't understand anything anymore, please help me, thank you very much.

Noddin · Answer

I have the same problem, That is: The CPU usage goes from 10 to 99% without warning and for no reason... I looked in the folder c:\...\system32\printers but there's no file named 0008.spl However, after a search, it shows me several existing spoolsv.exe (7, including one with the .pf extension located in C:\WINDOWS\Prefetch C:\WINDOWS\system32.exe C:\WINDOWS\$NtServicePackUninstall$ C:\WINDOWS\$NtUninstallKB896423$ C:\WINDOWS\ServicePackFiles\i386 C:\WINDOWS\$hf_mig$\K896423\SP2QFE C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d71(...) )  Also, even though I stopped the spoolsv.exe process 3 times in a row, (the CPU usage peaks between 5 and 20%) it still has sudden spikes for a few seconds to 80%, 99%... Is it another process or is there some other issue..?  Thank you in advance.

J-L · Answer

You need to check if you have one or more printers installed on your computer and any print jobs for printers that no longer exist on your computer. Cancel everything and uninstall the nonexistent printers.

_samaritain_ · Answer

Hello,  I admit that I just signed up for the same problem and that I am a bit lost.  I also have that infamous sooplsv.exe which is created at every restart directly in C:\WINDOWS and is using a good portion of the resources.  Here is the HijackThis report >>  Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:55:49, on 19/11/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal  Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\windows\svchost.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\WINDOWS\system32
vsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Wacom_Tablet.exe C:\WINDOWS\system32\Wacom_Tablet.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\Administrateur.TITANIUM\Mes documents\DWNLD\Scan du systeme\HijackThis.exe  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Assistant Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Svchost] c:\windows\svchost.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Logo Calibration Loader.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe O4 - Global Startup: ProfileReminder.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe O8 - Extra context menu item: Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin
pjpi142_05.dll O9 - Extra 'Tools' menuitem: Java Console (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin
pjpi142_05.dll O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/... O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe  -- End of file - 5059 bytes  What should I do to get rid of this virus?  Thank you in advance for any help,  Best regards.

joker666 · Answer

I have a question. I heard that to fix this problem I just need to delete "printer", but if I delete it and it wasn't a virus, will I still be able to print??? (We were told it was related to printing...)

JensJens · Answer

Hello, after consulting the two pages regarding this issue, I am posting my problem which may be a bit different. Indeed, like everyone else, I have a spoolsv.exe in my active processes at startup; however, it does not take up 99% of my CPU but around 5000 KB (this varies). Moreover, it is possible for me to remove it until the next startup of the computer by deleting it three times in a row (once deleted, it takes 2 minutes to restart, starting from 2500 KB up to 5000 KB progressively), but after repeating the operation three times, it no longer comes back.

So I am looking for how to delete it permanently; of course, it is not detected by antivirus software, I have no files in my printer folder, I tried formatting my computer using the Windows XP CD, but nothing can be done, it is still there.
However, I note the presence of two spoolsvs during my searches, one in System32 and another in WINDOWS/perfecth that is named SPLOOLVS.EXE-282F76A7.pf.

Thank you for your attention.

ghost18_07 · Answer

ok, for this application. "spoolsv.exe est un exécutable système de Microsoft Windows qui gère le processus d'impression vers vos imprimantes locales. Remarque : spoolsv.exe est également un processus qui est enregistré comme le Trojan Backdoor.Ciadoor.B. Ce Trojan permet aux attaquants d'accéder à votre ordinateur, de voler des mots de passe et des données personnelles. C'est un risque de sécurité enregistré et doit être supprimé immédiatement."  il te faut faire ça ;) : démarrer => Exécuter => taper (msconfig) => service => décocher (spooler d'impression). c'est tout :) redémarrer ton PC.

samaritain · Answer

Bravo, but how do you print without the print spooler afterwards?

Virus spoolsv.exe - Page 2

Hardening cpu kernel?

What address is my account at?

Texture issues in enshrouded

Print a pdf = blank page

Connecting a sony handycam video 8 ccd f555e to an hd tv

Lost tnt channels (via antenna)

Find the cloud

Start playback

No sound on my pc

My printer won't connect to my pc anymore