In Windows, there's little worse than dealing with a Blue Screen of Death, or BSOD for short. Aside from being cryptic and difficult to decipher -- especially since some BSODs can have multiple causes -- they're just plain annoying. Granted, BSODs happen much less frequently these days, but when they do it's no less of a chore. After dealing with a whole slew of BSODs the other month -- which turned out to be a hardware issue -- I hunted around for tools to help analyze BSODs and found one that did the job and more: BlueScreenView.
When a BSOD occurs the results are, whenever possible, saved into a dump file that can be examined later. BlueScreenView scans your system for these files and produces a report from them, which you can read within BlueScreenView itself or save to HTML for separate analysis. Each line in the report describes the BSOD's crash code, the time and date of its occurrence, any parameters that might have been passed with the crash (useful for debugging), and a slew of other minor details. The results are searchable, so you can hunt for a particular crash code, driver, or DLL that you think might be present.
Another thing BlueScreenView does is list all of the device drivers that were running at the time of the crash. If a particular driver was listed as the cause of the crash, it's flagged and displayed in red. You can filter out all the other drivers that were loaded at the time if you just want to focus on the culprit. You can also load dump files copied in from elsewhere by pointing to a folder, or even from computers accessible across the local network (provided you have permission to do so).
One minor annoyance with BlueScreenView involves the reporting function. If you want to print out both a crash message and its attendant driver stack, you have to treat them as separate reports. That said, the core crash message typically lists the offending driver; if nothing else, you can use the basic BSOD report to derive all the most crucial information.
One of the great banes of any Windows user's life is software that insists on shoehorning things into the system to launch at startup, whether or not you actually need or want any of it. Scanner and printer drivers are among the worst offenders in this regard. They often insist on installing a bunch of system-tray-resident utilities of dubious usefulness.
Autoruns -- by Mark Russinovich, of Process Explorer fame -- not only roots out these annoyances, but it comes in handy for so many other things that it's simply indispensible. Autoruns probes your system and dumps out lists of programs and system components that start automatically, without user intervention -- from apps in your Startup folder to scheduled tasks, from services to device drivers, from Sidebar gadgets to codecs. By default it dumps out data pertinent to the current user context, but the program's User menu lets you switch contexts. (You'll need to run the program as Administrator, though.)
Autoruns organizes its views into the system by tabs (Logon, Services, Explorer, Internet Explorer, Drivers), making it easy to drill down to the entries you're most concerned about. You can disable any app or service without actually deleting it, simply by unchecking a box, or you can remove it entirely with a selection from the right-click menu. That same menu also has options for jumping to the service's entry in the Registry, verifying its code signature, and looking it up on Google.
Select Options | Hide Microsoft and Windows Entries, and when you next run Autoruns or click Refresh, you'll see only third-party applications -- a handy way to focus only on programs added to Windows after the fact and, thus, might be a problem. If Process Explorer is currently running, you can right-click on an item and bring up its Properties pane in Process Explorer, assuming said item is actually running.
Autoruns also comes in a command-line version, which can be used with scripts or other automation. Finally, check out a video for some neat Autoruns usage tips, from Mark Russinovich himself.