• Status: Solved
  • Priority: Medium
  • Security: Public

Svchost.exe error when logging in to Windows.

A user at my work is receiving a svchost.exe error.  The following error is what is displayed on his screen when HE LOGS INTO WINDOWS (XP Pro):

The instruction at "0x10057530" referenced memory at "0x00000000".  The memory could not be "written".

  Click on OK to terminate the program

  Click on CANCEL to debug the program

When the user clicks OK, the usual Windows error reporting window comes up prompting for you to report the error.

**The user has a laptop with Symantec Anti-Virus protection, Service Pack 2, ALL of the latest updates as of about a week ago and has been formatted from scratch about 3 weeks ago right out of the Dell box.  It also has Windows Defender and that has the latest definitions as well.**

I don't know if this error has anything to do with it, but when HE LOGS OUT OF WINDOWS he receives an IreIKE.exe error message that displays similar information as the error message above.  I couldn't write down all of the error message because it only appears when the screen displays "Closing network connections.... Saving settings..." etc. and then disappears because the PC has shut down.

**Both of the error messages are displayed at what appear to be random intervals.  For example, when I first found out about the error message I restarted the computer 3 times and did a complete shutdown 4 times.  The first error message was only displayed once and the second error message was displayed twice.**
1 Solution
Well, here's a page about IreIKE:


My own suspicion is that you have viruses/trojans/other malware.  Some free online virus scanners:




Also try these free programs to rid your system of spyware, trojans, and other malware:

Spybot - Search & Destroy

LavaSoft Ad-aware  

I use BOTH of the above programs on my 3 Windows systems; what one program misses, the other catches.  Also make sure to download the most up-to-date data before you run the programs.
Swamp_Thing (Author) commented:
I will repost in a few minutes but this post is in response to it being a virus.  My boss already suggested that I scan using TrendMicro's free online scan and it didn't turn up anything at all.  I did the full system scan.  In addition I had read that the svchost.exe could be associated with the Blaster worm so I ran a scan tool for the worm and it didn't turn up any results either.  We also use Windows Defender which reported back with no issues found after a full system scan and Symantec Network Anti-Virus Client which also reported back with no issues after a full system scan as well.
Swamp_Thing (Author) commented:
I know that the IreIKE file is associated with our VPN client but it looks like I need to contact SafeNet tech support about it because my boss, who just recently went on a business trip, is receiving the same message.  Not only is the IreIKE file associated with the VPN, it is actually created during the install of the VPN client in the SafeNet\NetScreen Remote folder.

Swamp_Thing (Author) commented:
We use both SpyBot and AdAware on our machines and neither found anything big, just the usual issues that are linked to cookies, etc.
Perhaps you can find out a bit more about what Svchost.exe is connected to:

from Lockergnome, 1-28-03 edition:

Question: How do I find out what is starting a service on my computer? The name of the service is svchost.exe and the user name is Local Service. It starts with the first logon and eats a consistent 25-35% of CPU processing time. I have ended the process using the Windows Task Manager and have not had any problems. Any insight would be appreciated.
Answer: I think we can shed a little light on your svchost.exe problem. You didn't say whether you are using Windows XP or Windows 2000, so I will try to give the information for both. First, let's address what the svchost.exe program is used for. As quoted from Microsoft Knowledge Base Article - 314056: "At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. Multiple instances of Svchost.exe can run at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can run, depending on how and where Svchost.exe is started. This allows for better control and easier debugging." In layman's terms, it is basically an easy way for your computer to execute a lot of DLL files that are needed at startup. So instead of just ending one of the instances of svchost.exe, we need to find what set of DLLs might be causing your processing problem.

In Windows XP, you can get a list of running services by going to Start | Run | type "CMD" | click OK. Type "tasklist /svc" (sans quotes) and then press Enter. Now you will have a list of every DLL running under each svchost.exe instance. For Windows 2000, you need to extract the Tlist.exe utility from the Support.cab file on your Windows 2000 installation CD. You still need to open a command window, but you will need to navigate to where you extracted the Tlist.exe file to, type "tlist -s" (sans quotes), and then press Enter.

For more information, see Microsoft Knowledge Base Article - 250320. Svchost.exe groups are identified in the following registry key: HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Svchost. Also, each svchost group extracts its service names from the following registry key, whose Parameters key contains a ServiceDLL value: HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \ Services \ . Be sure to back up the registry key you are configuring before you make a change. You do this by browsing the desired registry key, and then going to File | Export. Follow the prompts, and you will now have a way to bring back that registry key (if you accidentally damaged it). I hope this helps to answer your question, but if you're still hunting for an answer after trying this suggestion, feel free to post your question in the Lockergnome forums, at help.lockergnome.com. [Brian]

Swamp_Thing (Author) commented:
I did the tasklist command and here is the list:

1.) svchost.exe
        DcomLaunch, TermService

2.) svchost.exe
-----------I have verified the above two instances of svchost.exe to be running valid items.  (I have the same on my PC which is running fine and is on the same LAN)-----------------------------------------------------------------------------------

3.) svchost.exe
       AudioSrv, BITS, Browser, CryptSvc, Dhcp, ERSvc, EventSystem, helpsvc, HidServ, Lanmanserver, lanmanworkstation, Netman, Nla, RasMan, Schedule, seclogon, SENS, SharedAccess, ShellHWDetection, srservice, TapiSrv, Themes, TrkWks, w32time, winmgmt, wuauserv
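The comparison described in this thread (listing what each svchost.exe instance hosts with `tasklist /svc`, then checking it against a machine that runs fine) can be scripted. The following is an added example, not part of the original posts; the sample output, the PIDs, the `ExampleSvc` name and the baseline set are constructed for illustration.

```python
import re

# Constructed sample of `tasklist /svc` output (PIDs and ExampleSvc are made up).
# Long service lists wrap onto indented continuation lines.
SAMPLE = """\
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
svchost.exe                    884 DcomLaunch, TermService
svchost.exe                    952 RpcSs
svchost.exe                   1044 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
                                   ERSvc, EventSystem, ExampleSvc
explorer.exe                  1620 N/A
"""

# Assumed baseline: service names captured from a machine known to be healthy.
BASELINE = {"dcomlaunch", "termservice", "rpcss", "audiosrv", "bits",
            "browser", "cryptsvc", "dhcp", "ersvc", "eventsystem"}

ROW = re.compile(r"^(\S.*?)\s+(\d+)\s+(.*)$")  # image name, PID, services

def _names(field):
    """Split a comma-separated services field; names are lowercased."""
    parts = (p.strip().lower() for p in field.split(","))
    return {p for p in parts if p and p != "n/a"}

def parse_tasklist_svc(text):
    """Return {pid: (image, set_of_service_names)}."""
    procs, pid = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith(("Image Name", "=")):
            continue
        if line[0].isspace():  # wrapped continuation of the previous row
            if pid is not None:
                procs[pid][1].update(_names(line))
            continue
        m = ROW.match(line)
        if m:
            pid = int(m.group(2))
            procs[pid] = (m.group(1), _names(m.group(3)))
    return procs

def unexpected_svchost_services(text, baseline):
    """Map svchost.exe PID -> sorted services absent from the baseline."""
    out = {}
    for pid, (image, services) in parse_tasklist_svc(text).items():
        extra = services - baseline
        if image.lower() == "svchost.exe" and extra:
            out[pid] = sorted(extra)
    return out

if __name__ == "__main__":
    print(unexpected_svchost_services(SAMPLE, BASELINE))
```

A service missing from the baseline is only a lead: it may be legitimate software installed on one machine and not the other, so the next step is to look up its ServiceDLL value under the Services registry key mentioned above.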
I will look at the others for your entry 3 above (most I recognize) but one I see is bad:

Here's another one that looks like it might be bad:


shellHWdetection MIGHT be this one:


TrkWks looks like this:

You might also try this free program (HijackThis):


HijackThis is a tool that is for advanced users, because it lists all the installed browser add-ons and startup items, allowing you to inspect them and then optionally remove any ones you select.  You must be careful in choosing what to remove, although the program can create a backup of your original settings.  But put a check mark to fix any home page or search page setting that HijackThis detects which you have not entered yourself.  The program has an option to download online updates of the hijack data.

You should first post the log at this site:  


and it will be automatically analyzed for you (after you click on the button labeled "Analyze" near the bottom of the page), telling you which entries (called "Nasty") should be fixed.  You will also be told if you have any items that are "Possibly Nasty", or "Unnecessary", or "Unknown". If you don't know what to do about these, you might find something on the module name by doing a Google search of the internet.

If you have any questions about what it is asking you to fix that you would like the E-E experts to comment on, then do this:  scroll down where you will see a Save Analysis button, hit it and it will save your Log Analysis (for a period of three days), then copy the link of that page and paste it here, and experts can check it for you.  (Please DON'T post the entire log itself in your question.)

In case you would like to learn more yourself how to use HijackThis, here are a couple of urls:

HijackThis Quick Start

HijackThis log tutorial
Swamp_Thing (Author) commented:
OK.  I have experience with the program and will run it on the user's laptop.  The only thing is, he is out of the office and I don't know when he'll be back (most likely this week).  I will repost if I find out he won't be in or if I'm able to get onto his PC.  Hang tight.