If you need to find out the last modified date for a service in Windows, there are a few different ways to do it. The easiest way is to open the Services window by clicking on the Start button and typing services into the search box. Once the Services window is open, click on the name of the service you want to find the last modified date for. The last modified date will be displayed in the Properties window. If you want to find out the last modified date for all services on your computer, you can use a command line tool called wmic. To use this tool, open a command prompt by clicking on Start and typing cmd into the search box. Once you have opened a command prompt, type wmic service name where service name is the name of the service you want to find information about. For example, if I wanted to find out information about my computer’s printer service, I would type wmic printer where printer is the name of my printer service. The last modified date for my printer service would be displayed in response to my command. whichever method you choose, be sure to keep track of your results so that you can easily reference them if needed ..

If you have a compromised Windows system and want to analyze when services were installed or modified, then how do you do that? Today’s SuperUser Q&A post has the answers to a curious reader’s question.

Today’s Question & Answer session comes to us courtesy of SuperUser—a subdivision of Stack Exchange, a community-driven grouping of Q&A web sites.

Notepad screenshot courtesy of Flyk (SuperUser).

The Question

SuperUser reader Lucas Kauffman wants to know how to find the Creation Date (or Last Modified Date) for services in Windows:

How do you find the Creation Date or Last Modified Date for services in Windows?

The Answer

SuperUser contributors Flyk and Andrew Medico have the answer for us. First up, Flyk:

Followed by the answer from Andrew Medico:

There is, however, a Last Modified Date that is hidden away from view (even in the Windows registry editor), but it can be accessed using RegQueryInfoKey. Since all Windows services are stored in the registry, you can check the Last Modified Date against the registry keys related to the service in question by looking in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services.

Alternatively, if you export the registry keys you want information about as text file, you will see the Last Modified Date for each key is written in the text file.

Finally, a solution using PowerShell to return the Last Modified Date has already been discussed on Stack Overflow.

Have something to add to the explanation? Sound off in the comments. Want to read more answers from other tech-savvy Stack Exchange users? Check out the full discussion thread here.

For example, the following command:

Produced the following event log entry: