Troubleshooting Windows Services auto-start

Quite often, Windows services fail to start automatically due to incorrect registry modifications or, even worse, registry corruption. Every service, when installed, creates a key in the registry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<Service Name>, and a subkey named Start (for auto-start) is created under the service name. I have encountered many incidents in which these subkeys were modified either by a valid third-party application or by some malware. Critical system services such as the Task Scheduler can only have their auto-start state changed from the registry, as this is disabled (grayed out) in the services console. To learn more about Windows services tools, visit Managing Services in Windows 7.

It is very difficult to find out how and why these subkeys are being modified, hence I decided to code an executable that monitors the services' Start registry subkeys and alerts you if one of the keys you have specified has been modified.

The Service Registry Key Checker (RKC) allows you to specify a number of services and their respective registry Start value, then it queries the registry to compare the values, and if a mismatch is found it alerts you with a pop-up message. The application monitors just the service Start subkey.

There is no installation involved, just download it and run it. RKC is a basic application that queries (read-only) the registry indirectly; hence it is double-safe as it is unable to make changes to the registry and it does not call the registry directly but through a system command.
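The same read-only check can be sketched in a few lines. This is an added example, not RKC's own code: it assumes the system command is reg.exe (`reg query <key> /v Start`), assumes a `ServiceName=Digit` baseline format (the layout of rkc.txt is not documented here), and runs on constructed sample output so it works without a Windows host.

```python
import re
import subprocess

SERVICES_KEY = r"HKLM\SYSTEM\CurrentControlSet\Services"
START_NAMES = {0: "Boot", 1: "System", 2: "Automatic", 3: "Manual", 4: "Disabled"}

def parse_baseline(text):
    """Parse 'ServiceName=Digit' lines (assumed format, not RKC's own rkc.txt layout)."""
    baseline = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        name, _, value = (part.strip() for part in line.partition("="))
        # Conservative name filter: no backslashes, so a line cannot point at another key.
        if not re.fullmatch(r"[\w .-]+", name) or not re.fullmatch(r"[0-4]", value):
            raise ValueError(f"bad baseline line: {line!r}")
        baseline[name] = int(value)
    return baseline

def parse_start(reg_output):
    """Extract the Start DWORD from `reg query <key> /v Start` output, or None."""
    m = re.search(r"^\s*Start\s+REG_DWORD\s+0x([0-9a-fA-F]+)\s*$", reg_output, re.MULTILINE)
    return int(m.group(1), 16) if m else None

def query_start(service):
    """Read-only lookup through reg.exe (Windows only); None if the key is unreadable."""
    key = SERVICES_KEY + "\\" + service
    proc = subprocess.run(["reg", "query", key, "/v", "Start"], capture_output=True, text=True)
    return parse_start(proc.stdout) if proc.returncode == 0 else None

def find_drift(baseline, lookup=query_start):
    """Return (service, expected, actual) per mismatch; actual is None if unreadable."""
    current = {name: lookup(name) for name in baseline}
    return [(n, exp, current[n]) for n, exp in baseline.items() if current[n] != exp]

def describe(value):
    return "missing" if value is None else f"{value} ({START_NAMES.get(value, 'unknown')})"

# Constructed sample data (not captured from a real host).
SAMPLE_BASELINE = "Schedule=2\nEventLog=2\n"
_FMT = "\nHKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\{0}\n    Start    REG_DWORD    {1}\n\n"
SAMPLE_OUTPUT = {"Schedule": _FMT.format("Schedule", "0x4"), "EventLog": _FMT.format("EventLog", "0x2")}

def sample_lookup(name):
    return parse_start(SAMPLE_OUTPUT.get(name, ""))

if __name__ == "__main__":
    for name, expected, actual in find_drift(parse_baseline(SAMPLE_BASELINE), sample_lookup):
        print(f"ALERT {name}: expected {describe(expected)}, found {describe(actual)}")
```

On a Windows host, call `find_drift(parse_baseline(text))` without the second argument to query the live registry through reg.exe.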

RKC can be executed once, but I suggest using the built-in timer by selecting either the every minute or hourly radio button so as to keep monitoring for any possible changes. This would be ideal during major system changes, such as when installing or uninstalling applications which you may consider problematic. Every time you select an interval (once, every minute or hourly), you need to hit the Run button so that the new run settings are invoked while the previous ones are cancelled.

To add an entry, type in the service name together with the correct Start value (1 digit) in the top text boxes.  Make sure it is typed correctly and it is a valid service. Then press the Add Service button. You can check the service name and Start value from the registry. After you add the required services’ names to monitor, make sure that you press the Save Entries button.

To remove an entry from the list, just type in the service name in the top text box and press the Remove Service button. If you want to remove all entries, just leave the top text box empty and press the Remove Service button. Then press the Save Entries button.

The Save Entries button grabs the entries together with the respective Start values from the display text box and creates a text file called rkc.txt in the user’s homepath, for example: c:\users\username. This is the only file that the application creates when run.

The Run button timers (every minute or hour) have a threshold for how many alert message boxes pop up. When this threshold is reached, a message box appears indicating the event and the timer process is killed. This prevents the application from filling the screen with message boxes if the end user is away from the computer while the application is running. Remember that if the Run button is dimmed, the timer is not running and you need to press the Run button to start a fresh process.

Download Service Registry Key Checker