How to find and fix PC problems with ease

Monitor changes to your PC's Registry, file system and drivers with Microsoft's System State Analyzer


You've installed a new application, but then found that another program has stopped working. When you uninstall the troublesome app, everything goes back to normal. Clearly there's some kind of conflict going on here. But where?

Diagnosing problems like this can be incredibly difficult, because there are just so many possibilities. Don't give up, though: there's a free tool that could provide all the answers.

Windows' System State Analyzer is a little-known Microsoft program that, in a few clicks, will take snapshots of your PC, then let you compare two and display the differences. Use it in a situation like this and you'll discover exactly the information you need to diagnose conflicts.

But that's not all. Using System State Analyzer (SSA) before and after an installation can identify the unwanted 'extras' included with a program – adware, browser helper objects and so on.

It can also help you to confirm that an uninstall program really has removed every trace of an application (and if it hasn't, you can see exactly what's left behind). It may be obscure, but the SSA is one of Microsoft's most interesting tools – and you'll benefit from having your own copy.

Set up the program

Windows SSA is included in Microsoft's Software Certification Toolkit, which, as you might guess, isn't aimed at the average home PC user. It's not easy to find, either, but if you point your browser at the Windows Server 2008 pages and look down the page, you'll find a 'Certification Test Tool' heading.

Below that are download links for both the 32-bit and 64-bit toolkits, both of which will run on Windows 7, Vista and Server 2008. Grab the one you need and install it with the default settings.

After you've downloaded the toolkit, click 'Start', type 'windows system' and click the 'Windows System State Analyzer' link to launch the program.


BROWSE AWAY: A browser-based SSA report provides more details, here including the services that had been added and modified between our two snapshots

It works by creating a snapshot of your PC – something that completely describes its files, Registry keys, services and drivers. It's usually a surprisingly quick process, taking around three minutes on an uncluttered, high-end PC.

If you have an older system, though, we found analysis could take an hour or more, so if you're just taking a snapshot for the purposes of assessing a regular program installation, it might be worth restricting the details you ask the SSA to examine.

Click 'Tools' > 'Options', select all drives other than the system partition (assuming that's where the program will be installed), and click 'Remove'.

In extreme cases, you could also remove your system partition, then restore just a specific folder.

Adding just C:\Windows, for instance, would record any changes in that folder and its subfolders, but cut your scan time to a minimum. This could mean you'll miss out on changes to other folders, though, so we'd only recommend you try this if you find that SSA is very slow.

Choose exactly which areas you would like to include in the snapshot, then click 'OK' to confirm the changes.

Take some snapshots

The simplest way to test SSA is to create one snapshot, install a reasonably complex program, create a second snapshot and then compare them both. Our recommendation would be a security tool, something like PC Tools Spyware Doctor – a program that will install drivers and services, and generally give you an interesting report.

Download whatever application you intend to install, then close your browser and any other programs you might have running. Once your system is suitably free of active programs, switch back to SSA and click the 'Start' button in the left-hand pane. Then just leave it to do its work.

The snapshot should be complete in just a few minutes, but if it's not, don't open other apps: it'll only create extra system changes and so reduce the usefulness of the snapshot.

Once the first snapshot has been created, close SSA and install whatever program you chose for the test. Do this just as though you were installing the program for real, and reboot when you're done, if the setup program asks you to do so.

Finally, reload the SSA and click the 'Start' button in the right-hand pane to create the second snapshot. It'll take roughly the same amount of time as the first.

Produce some results

Once the SSA reports that it's finished the second scan, you might be tempted to click the Quick Comparison tab to examine the results.

However, some poor interface design means you can select the tab before it's actually been populated with anything useful; what you have to do is click the 'Compare' button, then wait as SSA itemises the differences.

The comparison process, in our experience, doesn't take long. You'll also be asked if you want to create a detailed report. Click 'Yes', point the program at the folder where you'd like to save the report, and name it. Then wait while the report is generated.

More dubious interface design means that SSA will now appear to have locked up. Don't worry, though – the program hasn't crashed, it's just busy working on the report. Eventually a window will appear and you'll finally be able to see exactly what's changed between the two snapshots.

Read the reports

Minimise the HTML report for the moment, and click the Quick Comparison tab for an instant look at how your PC setup has changed. You'll immediately see just how useful SSA can be.


FULL DISCLOSURE: So which files has that setup program added to your system? The Quick Comparison view reveals all (in a lot of detail)

Our Spyware Doctor test comparison, for example, revealed immediately that the program had added three services to our PC's configuration, and told us all about them.

The program had also added a kernel driver to our PC, and SSA revealed that it had also modified another driver, Winsock IFS, in order to intercept network traffic. That's expected and completely acceptable for a security tool, but if you were monitoring a simpler installation and noticed it did this, that should raise an alert.
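
The service and driver comparison described above can be reproduced in PowerShell for a quick check when the toolkit isn't installed. This is an added example, not part of SSA or of the original article: the function names and snapshot paths are hypothetical, it assumes PowerShell 3.0 or later, and 'Modified' here means only a changed binary path or start mode.

```powershell
# Added example (not part of SSA): snapshot services and drivers, then diff.
# Function names and snapshot paths are hypothetical. Needs PowerShell 3.0+.
function Save-StateSnapshot {
    param([Parameter(Mandatory)][string]$Path)
    # Win32_Service = user-mode services; Win32_SystemDriver = kernel and
    # file-system drivers. Both expose the properties recorded here.
    $items = foreach ($class in 'Win32_Service', 'Win32_SystemDriver') {
        Get-CimInstance -ClassName $class | ForEach-Object {
            [pscustomobject]@{ Kind = $class; Name = $_.Name; PathName = $_.PathName
                               StartMode = $_.StartMode; ServiceType = $_.ServiceType }
        }
    }
    $items | ConvertTo-Json | Set-Content -Path $Path -Encoding UTF8
}

function Read-StateSnapshot {
    param([Parameter(Mandatory)][string]$Path)
    $index = @{}   # keyed by "class|name"; lookups are case-insensitive
    foreach ($item in (Get-Content -Path $Path -Raw | ConvertFrom-Json)) {
        $index["$($item.Kind)|$($item.Name)"] = $item
    }
    return $index
}

function Compare-StateSnapshot {
    param([Parameter(Mandatory)][string]$Before,
          [Parameter(Mandatory)][string]$After)
    $old = Read-StateSnapshot -Path $Before
    $new = Read-StateSnapshot -Path $After
    $keys = @($old.Keys) + @($new.Keys) | Sort-Object -Unique
    foreach ($key in $keys) {
        $a = $old[$key]; $b = $new[$key]
        # Running/stopped state is deliberately ignored: it changes too often.
        if (-not $a) { $change = 'Added' }
        elseif (-not $b) { $change = 'Removed' }
        elseif ($a.PathName -ne $b.PathName -or $a.StartMode -ne $b.StartMode) {
            $change = 'Modified'
        }
        else { continue }
        $item = if ($b) { $b } else { $a }
        [pscustomobject]@{
            Change = $change; Kind = $item.Kind; Name = $item.Name
            ServiceType = $item.ServiceType; PathName = $item.PathName
            Review = ($item.Kind -eq 'Win32_SystemDriver')  # driver changes need a manual look
        }
    }
}
# Usage (placeholder paths): run Save-StateSnapshot C:\snap\before.json, install,
# reboot, run Save-StateSnapshot C:\snap\after.json, then Compare-StateSnapshot on both.
```

Piping the comparison to `Format-Table -AutoSize` gives a compact list; any row with `Review` set to true is a driver that was added, removed or repointed by the installation.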

You're also able to view the files that have been added to your PC (signed, unsigned and any manifests), along with any that have been deleted or modified. This is generally less useful than you'd expect, as it's cluttered with a lot of temporary files created during the setup process.

And of course you can also browse new, deleted or modified Registry keys in each hive ('HKEY_CURRENT_USER', 'HKEY_LOCAL_MACHINE', and so on). Again, there are a lot of setup-related details that won't mean a lot, but fortunately the list is sorted by key name, so you can scroll through the less useful information in seconds.

Go more in-depth

While the Quick Comparison view generally works well, you will occasionally run into problems. In our Spyware Doctor test, for instance, we noticed that the SSA was reporting more than 16,000 additions to the 'HKEY_LOCAL_MACHINE' Registry hive.

Yes, really – 16,000. And to make it even worse, Quick Comparison only lets you view this in blocks of 1,000 keys, so navigating the full list is tedious in the extreme.

Fortunately there's an easy answer when you run into such limitations: switch to the browser-based detailed report that you created earlier. (Or, if you didn't, click the 'Detailed Report' button in the Quick Comparison window.)


NARROW IT DOWN: Want to track just files, the Registry, services or drivers – or a combination? The System State Analyzer will record only the changes you require

This version of the report contains everything you've seen so far, but also breaks the changes down even further. Instead of simply detailing new, modified or deleted files, it now splits the list into sections dealing with DLLs, executables, drivers and more.

And in other sections, if you're unlucky enough to have tens of thousands of entries to examine, they're all available on a single web page, allowing you to scroll down the list, or search for particular text to jump straight to the entry you need.

The Windows System State Analyzer is far from perfect, then. It's on the slow side, the interface needs work, and we found it hung occasionally on one Vista system for no apparent reason.

But, on the other hand, it's free, easy to use and delivers invaluable diagnostic reports on how your PC setup has changed over time, information you can't easily obtain in any other way.

You certainly won't use it on a daily basis, but the SSA is still a very useful tool on occasion, and should be a key part of everyone's PC troubleshooting toolkit.


First published in PC Plus Issue 296
