Svchost.exe errors could be quite tricky because of many different services which can hide behind svchost.exe process name. The most common error related to svchost.exe is:
Svchost.exe - Application Error
The instruction at "0xXXXXXXXX" referenced memory at "0xXXXXXXXX". The memory could not be "read".
It is very hard for unexperienced user to deal with this error since there is almost nothing in this error message which can give further hints besides process name and two numbers. And numbers usually won’t get you anywhere since there are thousands errors codes in windows and they could occur in tons of variations.
That is why your next step is to figure out what exactly failed.
Figure out which service group failed under svchost.exe
If you read first page of this site you already know that svchost.exe is used by Windows as a hosting process for various Windows Services groups. That’s why when svchost.exe error happens your main goal is to fugure out which specific windows service failed.
To do this you need to go to the Event Viewer application. This application in any Windows version is responsible for tracking various events which happen in Windows. Here is instructions how to run it:
- XP: Click Start->Run… In a Run window type eventvwr.msc into edit box and click Run button.
- Vista: Click Start. In “Start Search” box type “Event Viewer” and press Enter.
Once Event Viewer is started you need to find Application and System errors which occured around the time when svchost.exe process failed last time.
On a screenshot below you can see how it looks on Windows Vista. Once you click on “Application” or “System” items you will see a long list of events which occurred in operating system. You need to find Error events (marked with red exclamation sign) which happened during the time svchost.exe failure and carefully investigate their details. You need to specifically look into events where you see svchost or svchost.exe in them. Depending on a type of error there could be just one or two errors in Event Viewer but in some bad cases there could be dozens of them. Try to look carefully through them – there is a good chance you can find a file which caused error there.
If you found any errors which contains svchost.exe in them try to see if any of them contain string similar to:
svchost.exe -k [some name].
If you found such an error then your problem is significantly narrowed to a specific svchost.exe process. You need to record a name which shows up in [some name] above. Suppose it was a “svchost.exe -k LocalSystemNetworkRestricted”.
Figure out which service caused an error
Next step is to figure out what services were supposed to run under “svchost.exe -k LocalSystemNetworkRestricted”. To do this you need to run another windows application called regedit.exe.
- XP: Click Start->Run… In a Run window type regedit.exe into edit box and click Run button.
- Vista: Click Start. In “Start Search” box type “regedit” and press Enter.
Once Registry Editor windows starts select Edit->Find… in menu, type svchost.exe -k LocalSystemNetworkRestricted there and press enter. This will find you all services running in this group (note that it will only show you one service at a time – you have to press F3 on a keyboard to go to the next search result).
Below is an example of service description which you can find.
Most interesting field here is DisplayName. It contains Windows Service file name which was running as part of the svchost.exe service group which failed. Try checking all of the DisplayNames you find on the internet and see if there are any complaints about them which seem relevant to you.