Image

Troubleshooting Windows Services auto-start

Quite often, Windows services fail to start automatically due to Registry incorrect modifications or even worse, registry corruption. Every service when installed creates a key in the registry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<Service Name> while a subkey with the name of Start (for Auto-start) is created under the service name.  I have encountered many incidents that these subkeys were modified either by a valid third-party application or some malware. Critical system services such as, the Task Scheduler can only have their auto-start state changed from the registry as this is disabled (grayed-out) from the services console. To learn more about Windows services tools visit Managing Services in Windows 7

It is very difficult to find how and why these subkeys are being modified, hence I decided to code an executable that monitors Services Start registry subkeys and alerts you if one of the keys you have specified has been modified.

Continue reading