Why is regsvr32.exe being used by spoolsv.exe?

We have security software that stopped c:\windows\system32\spoolsv.exe from using c:\windows\syswow64\regsvr32.exe. I am trying to determine of this activity is legitimate and am suspicious because before July 12 there was no incidents of this happening in our environment at all and is only happening on 22 of our 250 workstations, but those are scattered among all offices. Usually the user is associated to NT AUTHORITY\SYSTEM but sometimes it is the actual user. All workstations are for the most part the same setup.