Utility SpotlightChange Analysis Diagnostic

Lance Whitney

One of the PCs you support has just caught a new bug—maybe it's freezing or crashing, maybe some application has stopped working. Naturally, it's up to you to fix it. Sometimes the culprit can be a conflict with a recent change—a new application, an update, a driver. So how can you find out what's been recently installed? The Microsoft Change Analysis Diagnostic tool will tell you. This free utility scans a computer running Windows XP to reveal all the recent modifications.


The Change Analysis Diagnostic tool identifies changes that occur on PCs (Click the image for a larger view)

Change Analysis Diagnostic scans for six distinct categories of changes:

  1. Software Programs—installed applications, such as those listed in Add/Remove Programs
  2. Windows hotfixes and other OS updates
  3. Windows drivers and services
  4. ActiveX controls downloaded via Internet Explorer
  5. Browser Helper Objects (BHOs)—typically toolbars and other items that load with your browser
  6. Auto-Start Extensibility Points (ASEPs)—programs that start automatically without user action.

Download the file, WindowsXP-KB924732-x86-ENU.exe, and run it in order to install. Just click on Start and choose the Run command. In the Open: field, type statechangediag. The file itself, statechangediag.exe, is stored in the directory named c:\windows\pchealth\helpctr\binaries\.

After the tool loads, you determine how far back to scan for changes—7 days, 14 days, 21 days, or a duration of your own choosing, which you set from an onscreen calendar. The scan takes a few minutes to run. The results are then saved as an XML file, which you can save and/or view through your Web browser. By default, the results file, scdiag.xml, is stored in the c:\documents and settings\username directory with its XSL stylesheet, scstyle.xsl.

The results report lists each change in its own separate table, with specific stats based on the category of change. For most categories, you'll see the Application Name or Filename and directory path, the Installation Date, and the Change Type (identified as "Create" if the program was installed, "Delete" if removed, and "Modify" if changed). Hotfixes and updates include a link to Microsoft Knowledge Base articles. ActiveX controls, BHOs, and ASEPs display their associated registry keys.

By default, the tool runs in Wizard mode, but you can also run it at a command line with the following options:

Nogui runs the tool in a console window instead of the GUI-based Wizard.

Verbose changes the output log to verbose, providing more detailed error messages.

History lets you specify the number of previous days to scan for changes. Seven days is the default. Enter the number of days after the -history string.

You can analyze the report yourself or work with Microsoft support to identify any recent changes that might be affecting the computer. Change Analysis Diagnostic uses Windows System Restore data to determine all recent changes. Therefore, it requires that System Restore be turned on and restore points have been created. As its name indicates, the tool runs only on Windows XP systems, and only those with SP2 or higher.

Lance Whitney is an IT consultant, trainer, and technical writer. He has spent countless hours tweaking Windows workstations and servers. Originally a journalist, he took a blind leap into the IT world 15 years ago.