Svchost.exe error when logging in to Windows.

Posted on 2006-07-10
Last Modified: 2008-02-07
 A user at my work is receiving a svchost.exe error.  The following error is what is displayed on his screen when HE LOGS INTO WINDOWS (XP Pro):

The instruction at "0x10057530" referenced memory at "0x00000000".  The memory could not be "written".

  Click on OK to terminate the program

  Click on CANCEL to debug the program

When the user clicks OK, the usual Windows error reporting window comes up prompting for you to report the error.

**The user has a laptop with Symantec Anti-Virus protection, Service Pack 2, ALL of the latest updates as of about a week ago and has been formatted from scratch about 3 weeks ago right out of the Dell box.  It also has Windows Defender and that has the latest definitions as well.**

  I don't know if this error has anything to do with it, but when HE LOGS OUT OF WINDOWS he receives an IreIKE.exe error message that displays similar information as the error message above.  I couldn't write down all of the error message because it only appears when the screen displays "Closing network connections.... Saving settings..." etc.  and then disappears because the PC has shut down.

**Both of the error messages are displayed at what appear to be random intervals.  For example, when I first found out about the error message I restarted the computer 3 times and did a complete shutdown 4 times.  The first error message was only displayed once and the second error message was displayed twice.**
Question by:Swamp_Thing
LVL 59

Expert Comment

ID: 17073066
Well, here's a page about IreIKE:


My own suspicion is that you have viruses/trojans/other malware.  Some free online virus scanners:




Also try these free programs to rid your system of spyware, trojans, and other malware:

Spybot - Search & Destroy

LavaSoft Ad-aware  

I use BOTH of the above programs on my 3 Windows systems; what one program misses, the other catches.  Also make sure to download the most up-to-date data before you run the programs.

Author Comment

ID: 17073198
I will repost in a few minutes but this post is in response to it being a virus.  My boss already suggested that I scan using TrendMicro's free online scan and it didn't turn up anything at all.  I did the full system scan.  In addition I had read that the svchost.exe could be associated with the Blaster worm so I ran a scan tool for the worm and it didn't turn up any results either.  We also use Windows Defender which reported back with no issues found after a full system scan and Symantec Network Anti-Virus Client which also reported back with no issues after a full system scan as well.

Author Comment

ID: 17073435
I know that the IreIKE file is associated with our VPN client but it looks like I need to contact SafeNet tech support about it because my boss, who just recently went on a business trip, is receiving the same message.  Not only is the IreIKE file associated with the VPN, it is actually created during the install of the VPN client in the SafeNet\NetScreen Remote folder.

Author Comment

ID: 17073468
 We use both SpyBot and AdAware on our machines and neither found anything big, just the usual issues that are linked to cookies, etc.
LVL 59

Expert Comment

ID: 17073555
Perhaps you can find out a bit more about what Svchost.exe is connected to:

from Lockergnome, 1-28-03 edition:

Question: How do I find out what is starting a service on my computer? The name of the service is svchost.exe and the user name is Local Service. It starts with the first logon and eats a consistent 25-35% of CPU processing time. I have ended the process using the Windows Task Manager and have not had any problems. Any insight would be appreciated.
Answer: I think we can shed a little light on your svchost.exe problem. You didn't say whether you are using Windows XP or Windows 2000, so I will try to give the information for both. First, let's address what the svchost.exe program is used for. As quoted from Microsoft Knowledge Base Article - 314056: "At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. Multiple instances of Svchost.exe can run at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can run, depending on how and where Svchost.exe is started. This allows for better control and easier debugging." In layman's terms, it is basically an easy way for your computer to execute a lot of DLL files that are needed at startup. So instead of just ending one of the instances of svchost.exe, we need to find what set of DLLs might be causing your processing problem.

In Windows XP, you can get a list of running services by going to Start | Run | type "CMD" | click OK. Type "tasklist /svc" (sans quotes) and then press Enter. Now you will have a list of every DLL running under each svchost.exe instance. For Windows 2000, you need to extract the Tlist.exe utility from the Support.cab file on your Windows 2000 installation CD. You still need to open a command window, but you will need to navigate to where you extracted the Tlist.exe file to, type "tlist -s" (sans quotes), and then press Enter.

For more information, see Microsoft Knowledge Base Article - 250320. Svchost.exe groups are identified in the following registry key: HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Svchost. Also, each svchost group extracts its service names from the following registry key, whose Parameters key contains a ServiceDLL value: HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \ Services \ . Be sure to back up the registry key you are configuring before you make a change. You do this by browsing the desired registry key, and then going to File | Export. Follow the prompts, and you will now have a way to bring back that registry key (if you accidentally damaged it). I hope this helps to answer your question, but if you're still hunting for an answer after trying this suggestion, feel free to post your question in the Lockergnome forums, at help.lockergnome.com. [Brian]


Author Comment

ID: 17073819
I did the tasklist command and here is the list:

1.) svchost.exe
        DcomLaunch, TermService

2.) svchost.exe
(I have verified the above two instances of svchost.exe to be running valid items.  I have the same on my PC which is running fine and is on the same LAN.)

3.) svchost.exe
       AudioSrv, BITS, Browser, CryptSvc, Dhcp, ERSvc, EventSystem, helpsvc, HidServ, Lanmanserver, lanmanworkstation, Netman, Nla, RasMan, Schedule, seclogon, SENS, SharedAccess, ShellHWDetection, srservice, TapiSrv, Themes, TrkWks, w32time, winmgmt, wuauserv
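
The comparison done by hand above (listing the services inside each svchost.exe instance with `tasklist /svc` and checking them against a healthy PC on the same LAN) can be scripted. This is an added example, not part of the original thread; it assumes English-language CSV output from `tasklist /svc /fo csv`, and the PIDs and the service name `ExampleSvc` are constructed for illustration.

```python
import csv
import io

# Constructed sample data (not from the thread): `tasklist /svc /fo csv` output
# from a known-good PC and from the laptop under investigation. PIDs are made
# up and "ExampleSvc" is a hypothetical service name.
BASELINE_CSV = '''"Image Name","PID","Services"
"System Idle Process","0","N/A"
"svchost.exe","912","DcomLaunch,TermService"
"svchost.exe","1084","AudioSrv,BITS,Browser,CryptSvc,Dhcp,Themes,wuauserv"
'''
SUSPECT_CSV = '''"Image Name","PID","Services"
"System Idle Process","0","N/A"
"svchost.exe","880","DcomLaunch,TermService"
"svchost.exe","1132","AudioSrv,BITS,Browser,CryptSvc,Dhcp,ExampleSvc,wuauserv"
'''

def parse_tasklist_svc(csv_text):
    """Return {pid: set(service names)} for every svchost.exe row."""
    hosts = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Image Name"].lower() != "svchost.exe":
            continue
        names = (s.strip() for s in row["Services"].split(","))
        hosts[int(row["PID"])] = {s for s in names if s and s != "N/A"}
    return hosts

def _all_names(hosts):
    # Service names are case-insensitive; keep the original spelling for output.
    return {s.lower(): s for services in hosts.values() for s in services}

def compare_hosts(suspect_csv, baseline_csv):
    """Report svchost-hosted services that differ from the known-good machine."""
    suspect = parse_tasklist_svc(suspect_csv)
    baseline = _all_names(parse_tasklist_svc(baseline_csv))
    extra = {}
    for pid, services in suspect.items():
        unknown = sorted(s for s in services if s.lower() not in baseline)
        if unknown:
            extra[pid] = unknown  # keyed by PID so the instance can be found
    present = _all_names(suspect)
    missing = sorted(name for key, name in baseline.items() if key not in present)
    return {"extra": extra, "missing": missing}

if __name__ == "__main__":
    print(compare_hosts(SUSPECT_CSV, BASELINE_CSV))
```

A matching service name only shows that the same service is registered; it says nothing about which DLL is loaded, so any name worth a second look should still be checked against the ServiceDLL value under the Services registry key named in the Lockergnome answer.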
LVL 59

Expert Comment

ID: 17074726
I will be looking at the others for your entry 3 above (most I recognize) but one I see is bad:

LVL 59

Expert Comment

ID: 17074756
Here's another one that looks like it might be bad:


shellHWdetection MIGHT be this one:


TrkWks looks like this:

LVL 59

Accepted Solution

LeeTutor earned 250 total points
ID: 17074765
You might also try this free program (HijackThis):


HijackThis is a tool that is for advanced users, because it lists all the installed browser add-ons and startup items, allowing you to inspect them and then optionally remove any ones you select.  You must be careful in choosing what to remove, although the program can create a backup of your original settings.  But put a check mark to fix any home page or search page setting that HijackThis detects which you have not entered yourself.  The program has an option to download online updates of the hijack data.

You should first post the log at this site:  


and it will be automatically analyzed for you (after you click on the button labeled "Analyze" near the bottom of the page), telling you which entries (called "Nasty") should be fixed.  You will also be told if you have any items that are "Possibly Nasty", or "Unnecessary", or "Unknown". If you don't know what to do about these, you might find something on the module name by doing a Google search of the internet.

If you have any questions about what it is asking you to fix that you would like the E-E experts to comment on, then do this:  scroll down where you will see a Save Analysis button, hit it and it will save your Log Analysis (for a period of three days), then copy the link of that page and paste it here, and experts can check it for you.  (Please DON'T post the entire log itself in your question.)

In case you would like to learn more yourself how to use HijackThis, here are a couple of urls:

HijackThis Quick Start

HijackThis log tutorial

Author Comment

ID: 17076683
 OK.  I have experience with the program and will run it on the user's laptop.  The only thing is, he is out of the office and I don't know when he'll be back (most likely this week).  I will repost if I find out he won't be in or I'm able to get onto his PC.  Hang tight.
