Windows & Internet Cleaner v2.10 serial key or number

Warning

WinCleaner is not designed to clean viruses and malware from PCs and Laptops. And it may not work properly on a computer that is infected. If you suspect your PC or Laptop is infected, use an anti-virus program to scan your PC first.

Some infected PC Symptoms

• All types of pop-ups
• Computer running very slow
• Programs won’t start
• No Internet connection
• Internet surfing very slow
• Browser opens many windows

Quick Start Guide

Watch a step-by-step video at: View Help Video

1. General & Installation

1.1. Few Words on Start

Keeping your PC running faster, smoother and trouble free in just one click, for over 14 years! The latest version 12, continues this tradition.

1.2. Installation & Updates

1. After ensuring that your PC has been screened for viruses and malware, Insert the WinCleaner USB into your PC’s USB port and wait for up to 30 seconds.
2. If the AutoPlay window launches, click START WinCleaner OneClick Installer and jump to step 6.
3. If the AutoPlay window does not appear, click the START button on your computer’s desktop and select Computer form the Menu.
4. Right click the icon for the USB flash drive and select Open.

BLANK USB? – On certain PCs or Laptops, Windows is unable to read the USB drive and it may appear to be blank. If this applies to you, no worries. Simply go to our website: wincleaner.org/download and you can instantly download the Setup.exe file. ( Serial key is required for the download.)

5. Double click Setup.exe file. Click Run or Yes if a security window appears.
6. Follow the Setup Wizard instructions on your screen. Click Close to exit when done.

1.3. To Run WinCleaner OneClick

Click the WinCleaner icon on your desktop. If there is no icon, click the Windows START button. From the menu that appears, select All Programs. From that list of Programs, select WinCleaner OneClick Professional. Within a few seconds, WinCleaner will run and the activation window will appear.

1.4. To Activate WinCleaner OneClick

1. Enter the Serial Key(s) exactly as printed on the blister card or printed paper that came with your WinCleaner product.The hyphens will be filled in for you.
2. Then click the Activate Now button. Once activated, you will get the message Congratulations! This means your activation was successful.
3. If you get an Internet Connection Error Message, you may have an Active Firewall.
4. Turn off your Firewall or give it permission to allow WinCleaner to access the Internet, then try again to activate. ( For Firewall help and other quick questions, call us 24/7 at: 1-877-861-3060 - U.S. only).
5. Once activated, click Close button to continue.

1.5. Using WinCleaner OneClick

Make sure you close all programs before running WinCleaner.

1. Double click the WinCleaner Icon on your Windows desktop
2. Click the Windows START button, and then select All Programs. Scroll down to WinCleaner OneClick Professional Folder and click on it. Then click on the WinCleaner OneClick Professional option. You can always watch a step-by-step video on how to do this at: View Help Video

2.WinCleaner Main Screen

This screen has the OneClick button to carry out a safe, automatic cleanup of you PC. On the right hand side you have the Status Box. This keeps track of the last time you cleaned you PC, the amount of items and clutter removed and shows you your serial key as well as subscription status.

2.1. Subscription Status

Click on the Expires date to bring up your Subscription Status Window. – Click here for a detailed explanation.

3. OneClick CleanUp

Each of the listed items will be scanned and the total number of items or errors found will appear on the left.

When the scan is complete, you will see the Scan Complete Window. It shows you the total number of Items found and total amount of Clutter. At this point you have the following options.

1. Click Clean-Up button to confirm the cleanup. All found clutter will be removed and all errors will be fixed.

2. You also have the OPTION of shredding all clutter and junk files to ensure they can never be undeleted. To choose this option click on the Advanced Options button.

3.1. Advanced Options Extended Window

When you click the Advanced Options button, the Window will extend lower and you can choose from two options Two file shredding options.

1. Delete Temp and Junk files without making a backup! – if you choose this option, the files that are deleted will not be backed up, incase you change your mind. Although WinCleaner is very safe, there maybe a case where you might want to UNDO the cleanup and if you choose this option you will not be able to UNDO the clean up afterwards. (This option is not recommended unless you really do not have much room left on your hard disk!)

2. Check this box to Securely Delete (Destroy) the files that will be deleted. If you choose to check this box, all the files that will be deleted will be overwritten to ensure that the data is permanently removed so it cannot be undeleted afterwards. There are 3 types of Secure Deletion methods to choose from. Each method is explained when you select it. The One pass is the fastest and the DOD method is the slowest and will add 1 hour or more to the cleaning time.

After making your selection, click the Clean-Up button to finish the cleaning process.

When complete, click the Close button and you will see the Main WinCleaner Screen again. To close WinCleaner and Exit, click on the red “X” in the upper right hand corner of the screen.

4. More

On the main WinCleaner Screen there is a MORE button at the bottom. When you click on this, the front panel will slide up and you will see 9 more buttons.

The top 8 buttons each allow you to carry out the cleaning functions individually with more details and flexibility. These features are not recommended for novice users. If you are not sure of what you are doing, always use the Automatic OneClick options.

Each of the individual functions are explained in detail below. We will start with theWinJunk Cleaner feature.

5. WinJunk Cleaner

WinJunk Cleaner will allow you to scan your PC, or network or other selected drive like an USB drive for unnecessary Junk files. This is the same as the OneClick option, however you will actually see each file listed as it is found. To commence the Scan, click the Start button. Once the scan is finished, you can scan through the list and uncheck any files you want to keep, or delete them all.

5.1. Advanced Options For Junk Cleaner

If you click on the Advance Options button at the bottom left side of the Window, it will bring up a new window with two area of file types. The top portion has 6 types of junk files that are preselected that WinJunk cleaner scans for. The bottom portion has additional file types that you can select and WinJunk File will look for them as well.

WARNING: If you are not familiar with the file extension, do not check the unchecked file types as you may lose files you do not want deleted.

To see what each of of additional file types can be found, select an option. For example: Graphic Files – then click on the Edit button at the bottom to bring up a widow with a list of extensions that make up the list of Graphic files. Repeat the same procedure for any of the other options.

If you want to add to the Options list with you own label and file types, click on the Add .button. The Delete button will remove any selected option from the List.

If you make changes, you need to click on the Accept button to save the changes made.

6. WinReg Cleaner

WinReg Cleaner will scan the Window ‘s Registry for errors, redundant and orphaned registry entries. Windows checks the Registry thousands of time every second and the less unnecessary entries it has to scan through the better the PC performs. With WinReg Cleaner you can carry out a scan and all errors, redundant and orphan entries will be listed. Once done you can scroll through the list, and check and uncheck any of the items. Once done you can click on the Remove Checked button at the bottom to delete the entries.

Note: The Windows Registry is like a Tree. Each time you run OneClick or the WinReg Option, it removes the outer branches first. Once they are cleaned it goes it deeper. As a result if you run WinReg a few times, you may continue to find entries. But do not worry, eventually all will be found and removed.

6.1. Advanced Options For Reg Cleaner

If you click on the Advanced Options button a window with all the areas of the areas of the Window Registry will be listed. You can unselect any area you do not want scanned. Again this is best left as selected, unless you are an advance user. For most novice users, we recommend you only use the Automatic OneClick option.

7. WinNet Cleaner

WinNet Cleaner will clean all the Internet files and images that are stored on your hard disk. Windows saves all images, cookies and other items on your hard disk from every webpage you visit. These items are not necessary as they can always be retrieved by visiting the same webpage again.

Also this exposes your privacy in that anyone can look at these items and now where you have been surfing and what you have been looking at. In the case of cookies, websites that you visit can trace your route and also track your surfing and buying habits.

The Winnet Windows will show you a list of browsers installed on your PC or Laptop at the top. You can selector unselect any of them if you do not want to remove the clutter and images associated with them. On the bottom half of the window is a list of areas that will be cleaned in the browser. Again you can check or uncheck any of the options.

7.1.Protecting Cookies

Cookies you wish to protect, so that they are not deleted by WinCleaner One-Click or WinNet Cleaner, can be selected and moved to the protected area. Select the cookie and then click on the Protect Selected button.

Note: To select multiple cookies, hold down the CTRL key and make your selections.To select a range of cookies in a row, select one cookie, then hold down the SHIFT key and click on the last cookie in the range. The entire range of cookies will be selected.

8. WinPrivacy Cleaner

Privacy items are lists of recently accessed documents and files that are kept by Windows and other popular third party software. The reason for making these recently accessed files and documents list is to quickly access or reload the last file or document you were working on. However, these lists also allow others to see what you have been doing on your PC or what files and documents you have been working on. By removing these lists, you protect your privacy.

WinPrivacy Cleaner windows is very straightforward. The Windows will show you preselected list of Privacy Items on your PC. Any lists that actually contain entries will be highlighted. If you want to remove these entries, click the check box beside the entry and then click the REMOVE CHECKED button.

Click on the CLOSE button to exit the window.

9.WinShortCut Cleaner

The shortcut cleaner will remove any broken shortcut on your PC as well as any empty shortcut folders. Broken shortcuts may not seem to be doing anything, but Windows always tries to find the associated files with the shortcut. This slows down Windows startups. By deleting them, you will notice an improvement in your boot up time.

To use this screen, click on the area you would like to scan. We recommend that you use the default setting first and after you remove any broken shortcuts found under the START MENU item, try scanning the ALL LOCAL HARD DRIVE category. You may find many empty folders here as well.

All found entries will be listed. You can uncheck any entries you do not wish to delete. You can also right click your mouse on any entry to bring up a Pop-Up menu that will allow you to check all entries, uncheck all entries or inverse your selection.

To remove your selected entries, click the REMOVED CHECKED button.

Once finished, click he CLOSE button to exit.

DISREGARD SHORTCUTS POINTING TO FILE ON section, allows you to ignore additional USB and network drives. If you uncheck the appropriate button, the software will attempt to scan these other drives as well.

10. WinStartup Cleaner

WinStartup cleaner is the most intelligent way to prevent unused apps or programs from automatically starting in the background when you turn on your PC and slowing down your start up time and bogging down your PCs performance.

When you select the Option, you will see a explanation window. After reading it you can click the CLOSE button to continue. There are two options at the top to choose from.

10.1. SmartStart Profiles

When you select the OneClick option, the default setting is AUTO OPTIMIZE. This setting enables required and optional programs in the Startup of Windows. All redundant and even dangerous applications are prevented from starting up if they have inserted themselves into the Windows Startup File.

Using the WinStart Cleaner option, you can change the settings as follows.

Auto Optimize (Aggressive) - This setting will only allow Windows required programs from loading. For example, programs like Adobe Acrobat, Quicktime, MSN messenger etc. are programs that can load when you click on the icon and do not have to be sitting in the background. This will speed up the startup and also help your PC's performance.

Clean System Mode - This setting prevents all programs from starting up at boot up. Only your Windows and relevant files will load. By selecting this option you can dedicate all of your PC's processor power to the program you choose to run. So, if you want to just play a game, or you want to use your movie editing software then your CPU will be able to dedicate itself to just this task.

Full Mode - This setting turns off the WinStartup's ability to control what programs are loaded at startup. By selecting this option, WinStartup allows everything in your Windows Startup to load.

10.2. Select or Modify Custom Profile

If you would like to create your own CUSTOM setting, you can do so by clicking the radial button beside the SELECT or MODIFY CUSTOM PROFILE option at the top of the window. This will bring up the following new window.

All of the programs that are set to startup are listed in this window. You can scroll up and down and view them. Each entry that you click on will be explained in the three fields below the scrollable area.

Before you proceed to make any changes, you should give your profile a NAME. Click the GREEN circle with the white plus sign in it button located beside the CURRENT STARTUP CONFIGURATION drop down choice.

You can change the programs status.

At each entry, if you right click your mouse button, the following popup menu will appear.

This menu has 7 choices and are easy to understand. If you do not wish to let the particular program run, select to disable it. It will be marked with a red X. If you would like to completely remove it from the list, because you are quite certain you do not need to have it run at startup automatically, you can select to delete the entry completely.

The other options allow you to see the programs properties, open up the folder in which the file can be found, you can refresh the list in case you have deleted an entry or you can go ahead and run the application to see what comes up.

Once you determine your particular custom Startup configuration, you can choose to APPLY the settings. When you click the APPLY button the following confirmation window will appear.

11. WinUnInstall Wizard

You can add new apps to your Windows PC, however sometimes it is not easy to remove the new apps or programs. If the installation log file becomes corrupt, Windows Add/Remove program will not work.

In this case, WinCleaner uninstall wizard can forcefully remove the apps or programs for you. Simply select the option and follow the instructions. The first screen after the instruction window will show you a list of apps or programs on your computer. All Apps or Programs with a Green Check mark beside it means the Uninstall Log file is present and it can be successfully uninstalled. Simply select it and click the Uninstall Item button at the bottom.

If the App or Program has a RED “X” beside it, this means the Log file is corrupt and the Uninstall link is broken. You can select it and click the Remove Item button at the bottom.

App or Program Missing From List

If the App or Program you would like to remove is missing from the list, click the Next button. On this new Window you can search for the application by the name. Type in the name beside the FIND field. Or simply click the START button to scan your computer for all programs.

In a few seconds a list of programs installed on your computer will appear. Select the one you want to forcefully remove and click the Next button. On the next Window all files connected with the selected item will appear in a list. You can choose to Remove the Check items or expand the search by selecting The option All Programs in the Directory or All Files including Dataoptions at the top. You can try this as no files will be removed; only additional files will be added to the list, if they are available.

Usually you want to remove all files associated with an App or Program , unless you plan on reinstalling the App or Program again, in which case it may be good to keep the saved Data Files.

To forcefully remove the selected files, click the Remove Checked button.

Once done, all found files will be removed. Any Registry entries will be removed the next time you run OneClick or the WinReg Cleaner option.

12. WinSmart Mover

Please remember that this utility is designed to move folders and applications from one drive to another on the same computer. It cannot migrate applications to other PCs. It also cannot move Windows or very large applications like Microsoft Word or Excel.

Select the folder you would like to move and than select the location you would like to move it. Once this is done, click on the NEXT button to continue. The screen illustrated below will appear.

When you click the START button a scan will be carried out. No files will be moved at this point. Only data will be collected. All information found about the folder is displayed under Search Results. You can click on the + sign to see more details.

Once the scan has completed, you must click the MOVE FOLDER button in order for the move to take place.

You can click on the Advanced Options button in the screen above if you would like to see more options.

13. Undo

Selecting this button will allow you to restore previously deleted files during the cleanup process. You only need to use this feature if you find that you are missing some files after a clean up. This is very rare as WinCleaner only removes unnecessary clutter and junk files. Also if you selected to no back up the files during the cleanup, the files will not be available to restore.

When you select the UNDO option and close the Quick Help Pop-up window. You may see a series of entries. These are based on the date of a cleanup. If you have done different cleanups on different dates, each of the clean ups will be listed in chronological order.

Simply select a Cleanup Date and click the Next button. One you click the Next button all the backed up file and registry entries will appear in the next Window. They will all be selected. You can unselect any or all and select the ones you want to restore or keep the selection and restore them all by clicking the Restore Selected button.

Select the folder you would like to move and than select the location you would like to move it. Once this is done, click on the NEXT button to continue.

13.1. Advanced Option For Undo

The Undo option has an Advance Options button at the bottom of the Window. When you select this button, it will bring up a Window that will allow WinCleaner to automatically delete all Backed up files once they are older than the specified time. The range is from 7 days up to 120 days. This is automatic and you will get a pop up message the next time you run WinCleaner asking you if you want to delete your back up files. Although the files are compressed, over time the back-ups do take up space and if you do not need the back-ups, deleting them will free up used disk space. You also have the option to shred the back-up files. (Shredding is not recommended on SSD drives!)

14. Technical Support

As a WinCleaner Customer you will be able to submit a technical support ticket. Click on the button below to submit your support question or issue.

The Windows Registry is a hierarchical database that stores low-level settings for the Microsoft Windows operating system and for applications that opt to use the registry. The kernel, device drivers, services, Security Accounts Manager, and user interface can all use the registry. The registry also allows access to counters for profiling system performance.

In other words, the registry or Windows Registry contains information, settings, options, and other values for programs and hardware installed on all versions of Microsoft Windows operating systems. For example, when a program is installed, a new subkey containing settings such as a program's location, its version, and how to start the program, are all added to the Windows Registry.

When introduced with Windows 3.1, the Windows Registry primarily stored configuration information for COM-based components. Windows 95 and Windows NT extended its use to rationalise and centralise the information in the profusion of INI files, which held the configurations for individual programs, and were stored at various locations.^[1][2] It is not a requirement for Windows applications to use the Windows Registry. For example, .NET Framework applications use XML files for configuration, while portable applications usually keep their configuration files with their executables.

Rationale[edit]

Prior to the Windows Registry, .INI files stored each program's settings as a text or binary file, often located in a shared location that did not provide user-specific settings in a multi-user scenario. By contrast, the Windows Registry stores all application settings in one logical repository (but a number of discrete files) and in a standardized form. According to Microsoft, this offers several advantages over .INI files.^[2][3] Since file parsing is done much more efficiently with a binary format, it may be read from or written to more quickly than a text INI file. Furthermore, strongly typed data can be stored in the registry, as opposed to the text information stored in .INI files. This is a benefit when editing keys manually using , the built-in Windows Registry Editor. Because user-based registry settings are loaded from a user-specific path rather than from a read-only system location, the registry allows multiple users to share the same machine, and also allows programs to work for less privileged users. Backup and restoration is also simplified as the registry can be accessed over a network connection for remote management/support, including from scripts, using the standard set of APIs, as long as the Remote Registry service is running and firewall rules permit this.

Because the registry is a database, it offers improved system integrity with features such as atomic updates. If two processes attempt to update the same registry value at the same time, one process's change will precede the other's and the overall consistency of the data will be maintained. Where changes are made to .INI files, such race conditions can result in inconsistent data that does not match either attempted update. Windows Vista and later operating systems provide transactional updates to the registry by means of the Kernel Transaction Manager, extending the atomicity guarantees across multiple key and/or value changes, with traditional commit–abort semantics. (Note however that NTFS provides such support for the file system as well, so the same guarantees could, in theory, be obtained with traditional configuration files.)

Structure[edit]

Keys and values[edit]

The registry contains two basic elements: keys and values. Registry keys are container objects similar to folders. Registry values are non-container objects similar to files. Keys may contain values and subkeys. Keys are referenced with a syntax similar to Windows' path names, using backslashes to indicate levels of hierarchy. Keys must have a case insensitive name without backslashes.

The hierarchy of registry keys can only be accessed from a known root key handle (which is anonymous but whose effective value is a constant numeric handle) that is mapped to the content of a registry key preloaded by the kernel from a stored "hive", or to the content of a subkey within another root key, or mapped to a registered service or DLL that provides access to its contained subkeys and values.

E.g. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows refers to the subkey "Windows" of the subkey "Microsoft" of the subkey "Software" of the HKEY_LOCAL_MACHINE root key.

There are seven predefined root keys, traditionally named according to their constant handles defined in the Win32 API, or by synonymous abbreviations (depending on applications):

• HKEY_LOCAL_MACHINE or HKLM
• HKEY_CURRENT_CONFIG or HKCC
• HKEY_CLASSES_ROOT or HKCR
• HKEY_CURRENT_USER or HKCU
• HKEY_USERS or HKU
• HKEY_PERFORMANCE_DATA (only in Windows NT, but invisible in the Windows Registry Editor)
• HKEY_DYN_DATA (only in Windows 9x, and visible in the Windows Registry Editor)

Like other files and services in Windows, all registry keys may be restricted by access control lists (ACLs), depending on user privileges, or on security tokens acquired by applications, or on system security policies enforced by the system (these restrictions may be predefined by the system itself, and configured by local system administrators or by domain administrators). Different users, programs, services or remote systems may only see some parts of the hierarchy or distinct hierarchies from the same root keys.

Registry values are name/data pairs stored within keys. Registry values are referenced separately from registry keys. Each registry value stored in a registry key has a unique name whose letter case is not significant. The Windows API functions that query and manipulate registry values take value names separately from the key path and/or handle that identifies the parent key. Registry values may contain backslashes in their names, but doing so makes them difficult to distinguish from their key paths when using some legacy Windows Registry API functions (whose usage is deprecated in Win32).

The terminology is somewhat misleading, as each registry key is similar to an associative array, where standard terminology would refer to the name part of each registry value as a "key". The terms are a holdout from the 16-bit registry in Windows 3, in which registry keys could not contain arbitrary name/data pairs, but rather contained only one unnamed value (which had to be a string). In this sense, the Windows 3 registry was like a single associative array, in which the keys (in the sense of both 'registry key' and 'associative array key') formed a hierarchy, and the registry values were all strings. When the 32-bit registry was created, so was the additional capability of creating multiple named values per key, and the meanings of the names were somewhat distorted.^[4] For compatibility with the previous behavior, each registry key may have a "default" value, whose name is the empty string.

Each value can store arbitrary data with variable length and encoding, but which is associated with a symbolic type (defined as a numeric constant) defining how to parse this data. The standard types are:

Root keys[edit]

The keys at the root level of the hierarchical database are generally named by their Windows API definitions, which all begin "HKEY".^[2] They are frequently abbreviated to a three- or four-letter short name starting with "HK" (e.g. HKCU and HKLM). Technically, they are predefined handles (with known constant values) to specific keys that are either maintained in memory, or stored in hive files stored in the local filesystem and loaded by the system kernel at boot time and then shared (with various access rights) between all processes running on the local system, or loaded and mapped in all processes started in a user session when the user logs on the system.

The HKEY_LOCAL_MACHINE (local machine-specific configuration data) and HKEY_CURRENT_USER (user-specific configuration data) nodes have a similar structure to each other; user applications typically look up their settings by first checking for them in "HKEY_CURRENT_USER\Software\Vendor's name\Application's name\Version\Setting name", and if the setting is not found, look instead in the same location under the HKEY_LOCAL_MACHINE key^{[citation needed]}. However, the converse may apply for administrator-enforced policy settings where HKLM may take precedence over HKCU. The Windows Logo Program has specific requirements for where different types of user data may be stored, and that the concept of least privilege be followed so that administrator-level access is not required to use an application.^[a][5]

HKEY_LOCAL_MACHINE (HKLM)[edit]

Abbreviated HKLM, HKEY_LOCAL_MACHINE stores settings that are specific to the local computer.^[6]

The key located by HKLM is actually not stored on disk, but maintained in memory by the system kernel in order to map all the other subkeys. Applications cannot create any additional subkeys. On Windows NT, this key contains four subkeys, "SAM", "SECURITY", "SYSTEM", and "SOFTWARE", that are loaded at boot time within their respective files located in the %SystemRoot%\System32\config folder. A fifth subkey, "HARDWARE", is volatile and is created dynamically, and as such is not stored in a file (it exposes a view of all the currently detected Plug-and-Play devices). On Windows Vista and above, a sixth and seventh subkey, "COMPONENTS" and "BCD", are mapped in memory by the kernel on-demand and loaded from %SystemRoot%\system32\config\COMPONENTS or from boot configuration data, \boot\BCD on the system partition.

• The "HKLM\SAM" key usually appears as empty for most users (unless they are granted access by administrators of the local system or administrators of domains managing the local system). It is used to reference all "Security Accounts Manager" (SAM) databases for all domains into which the local system has been administratively authorized or configured (including the local domain of the running system, whose SAM database is stored a subkey also named "SAM": other subkeys will be created as needed, one for each supplementary domain). Each SAM database contains all builtin accounts (mostly group aliases) and configured accounts (users, groups and their aliases, including guest accounts and administrator accounts) created and configured on the respective domain, for each account in that domain, it notably contains the user name which can be used to log on that domain, the internal unique user identifier in the domain, a cryptographic hash of each user's password for each enabled authentication protocol, the location of storage of their user registry hive, various status flags (for example if the account can be enumerated and be visible in the logon prompt screen), and the list of domains (including the local domain) into which the account was configured.
• The "HKLM\SECURITY" key usually appears empty for most users (unless they are granted access by users with administrative privileges) and is linked to the Security database of the domain into which the current user is logged on (if the user is logged on the local system domain, this key will be linked to the registry hive stored by the local machine and managed by local system administrators or by the builtin "System" account and Windows installers). The kernel will access it to read and enforce the security policy applicable to the current user and all applications or operations executed by this user. It also contains a "SAM" subkey which is dynamically linked to the SAM database of the domain onto which the current user is logged on.
• The "HKLM\SYSTEM" key is normally only writable by users with administrative privileges on the local system. It contains information about the Windows system setup, data for the secure random number generator (RNG), the list of currently mounted devices containing a filesystem, several numbered "HKLM\SYSTEM\Control Sets" containing alternative configurations for system hardware drivers and services running on the local system (including the currently used one and a backup), a "HKLM\SYSTEM\Select" subkey containing the status of these Control Sets, and a "HKLM\SYSTEM\CurrentControlSet" which is dynamically linked at boot time to the Control Set which is currently used on the local system. Each configured Control Set contains:
  • an "Enum" subkey enumerating all known Plug-and-Play devices and associating them with installed system drivers (and storing the device-specific configurations of these drivers),
  • a "Services" subkey listing all installed system drivers (with non device-specific configuration, and the enumeration of devices for which they are instantiated) and all programs running as services (how and when they can be automatically started),
  • a "Control" subkey organizing the various hardware drivers and programs running as services and all other system-wide configuration,
  • a "Hardware Profiles" subkey enumerating the various profiles that have been tuned (each one with "System" or "Software" settings used to modify the default profile, either in system drivers and services or in the applications) as well as the "Hardware Profiles\Current" subkey which is dynamically linked to one of these profiles.
• The "HKLM\SOFTWARE" subkey contains software and Windows settings (in the default hardware profile). It is mostly modified by application and system installers. It is organized by software vendor (with a subkey for each), but also contains a "Windows" subkey for some settings of the Windows user interface, a "Classes" subkey containing all registered associations from file extensions, MIME types, Object Classes IDs and interfaces IDs (for OLE, COM/DCOM and ActiveX), to the installed applications or DLLs that may be handling these types on the local machine (however these associations are configurable for each user, see below), and a "Policies" subkey (also organized by vendor) for enforcing general usage policies on applications and system services (including the central certificates store used for authenticating, authorizing or disallowing remote systems or services running outside the local network domain).
• The "HKLM\SOFTWARE\Wow6432Node" key is used by 32-bit applications on a 64-bit Windows OS, and is equivalent but separate to "HKLM\SOFTWARE". The key path is transparently presented to 32-bit applications by WoW64 as HKLM\SOFTWARE^[7] (in a similar way that 32-bit applications see %SystemRoot%\Syswow64 as %SystemRoot%\System32)

HKEY_CURRENT_CONFIG (HKCC)[edit]

Abbreviated HKCC, HKEY_CURRENT_CONFIG contains information gathered at runtime; information stored in this key is not permanently stored on disk, but rather regenerated at boot time. It is a handle to the key "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Hardware Profiles\Current", which is initially empty but populated at boot time by loading one of the other subkeys stored in "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Hardware Profiles".

HKEY_CLASSES_ROOT (HKCR)[edit]

Abbreviated HKCR, HKEY_CLASSES_ROOT contains information about registered applications, such as file associations and OLE Object Class IDs, tying them to the applications used to handle these items. On Windows 2000 and above, HKCR is a compilation of user-based HKCU\Software\Classes and machine-based HKLM\Software\Classes. If a given value exists in both of the subkeys above, the one in HKCU\Software\Classes takes precedence.^[8] The design allows for either machine- or user-specific registration of COM objects.

HKEY_USERS (HKU)[edit]

Abbreviated HKU, HKEY_USERS contains subkeys corresponding to the HKEY_CURRENT_USER keys for each user profile actively loaded on the machine, though user hives are usually only loaded for currently logged-in users.

HKEY_CURRENT_USER (HKCU)[edit]

Abbreviated HKCU, HKEY_CURRENT_USER stores settings that are specific to the currently logged-in user.^[9] The HKEY_CURRENT_USER key is a link to the subkey of HKEY_USERS that corresponds to the user; the same information is accessible in both locations. The specific subkey referenced is "(HKU)\(SID)\..." where (SID) corresponds to the Windows SID; if the "(HKCU)" key has the following suffix "(HKCU)\Software\Classes\..." then it corresponds to "(HKU)\(SID)_CLASSES\..." i.e. the suffix has the string "_CLASSES" is appended to the (SID).

On Windows NT systems, each user's settings are stored in their own files called NTUSER.DAT and USRCLASS.DAT inside their own Documents and Settings subfolder (or their own Users sub folder in Windows Vista and above). Settings in this hive follow users with a roaming profile from machine to machine.

HKEY_PERFORMANCE_DATA[edit]

This key provides runtime information into performance data provided by either the NT kernel itself, or running system drivers, programs and services that provide performance data. This key is not stored in any hive and not displayed in the Registry Editor, but it is visible through the registry functions in the Windows API, or in a simplified view via the Performance tab of the Task Manager (only for a few performance data on the local system) or via more advanced control panels (such as the Performances Monitor or the Performances Analyzer which allows collecting and logging these data, including from remote systems).

HKEY_DYN_DATA[edit]

This key is used only on Windows 95, Windows 98 and Windows ME.^[10] It contains information about hardware devices, including Plug and Play and network performance statistics. The information in this hive is also not stored on the hard drive. The Plug and Play information is gathered and configured at startup and is stored in memory.^[11]

Hives[edit]

Even though the registry presents itself as an integrated hierarchical database, branches of the registry are actually stored in a number of disk files called hives.^[12] (The word hive constitutes an in-joke.)^[13]

Some hives are volatile and are not stored on disk at all. An example of this is the hive of the branch starting at HKLM\HARDWARE. This hive records information about system hardware and is created each time the system boots and performs hardware detection.

Individual settings for users on a system are stored in a hive (disk file) per user. During user login, the system loads the user hive under the HKEY_USERS key and sets the HKCU (HKEY_CURRENT_USER) symbolic reference to point to the current user. This allows applications to store/retrieve settings for the current user implicitly under the HKCU key.

Not all hives are loaded at any one time. At boot time, only a minimal set of hives are loaded, and after that, hives are loaded as the operating system initializes and as users log in or whenever a hive is explicitly loaded by an application.

File locations[edit]

The registry is physically stored in several files, which are generally obfuscated from the user-mode APIs used to manipulate the data inside the registry. Depending upon the version of Windows, there will be different files and different locations for these files, but they are all on the local machine. The location for system registry files in Windows NT is ; the user-specific HKEY_CURRENT_USER user registry hive is stored in inside the user profile. There is one of these per user; if a user has a roaming profile, then this file will be copied to and from a server at logout and login respectively. A second user-specific registry file named UsrClass.dat contains COM registry entries and does not roam by default.

Windows NT[edit]

Windows NT systems store the registry in a binary file format which can be exported, loaded and unloaded by the Registry Editor in these operating systems. The following system registry files are stored in :

• – HKEY_LOCAL_MACHINE\SAM
• – HKEY_LOCAL_MACHINE\SECURITY
• – HKEY_LOCAL_MACHINE\SOFTWARE
• – HKEY_LOCAL_MACHINE\SYSTEM
• – HKEY_USERS\.DEFAULT
• – Not associated with a hive. Used only when upgrading operating systems.^[14]

The following file is stored in each user's profile folder:

• – HKEY_USERS\<User SID> (linked to by HKEY_CURRENT_USER)

For Windows 2000, Server 2003 and Windows XP, the following additional user-specific file is used for file associations and COM information:

• (path is localized) – HKEY_USERS\<User SID>_Classes (HKEY_CURRENT_USER\Software\Classes)

For Windows Vista and later, the path was changed to:

• (path is not localized) alias – HKEY_USERS\<User SID>_Classes (HKEY_CURRENT_USER\Software\Classes)

Windows 2000 keeps an alternate copy of the registry hives (.ALT) and attempts to switch to it when corruption is detected.^[15] Windows XP and Windows Server 2003 do not maintain a hive because NTLDR on those versions of Windows can process the file to bring up to date a System hive that has become inconsistent during a shutdown or crash. In addition, the folder contains a copy of the system's registry hives that were created after installation and the first successful startup of Windows.

Each registry data file has an associated file with a ".log" extension that acts as a transaction log that is used to ensure that any interrupted updates can be completed upon next startup.^[16] Internally, Registry files are split into 4 kB "bins" that contain collections of "cells".^[16]

Windows 9x[edit]

The registry files are stored in the directory under the names and with the addition of in Windows ME. Also, each user profile (if profiles are enabled) has its own file which is located in the user's profile directory in .

Windows 3.11[edit]

The only registry file is called and it is stored in the directory.

Windows 10 Mobile[edit]

Note: To access the registry files, the Phone needs to be set in a special mode using either: 

If any of above Methods worked - The Device Registry Files can be found in the following location:

Note: InterOp Tools also includes a registry editor.

Editing[edit]

Registry editors[edit]

The registry contains important configuration information for the operating system, for installed applications as well as individual settings for each user and application. A careless change to the operating system configuration in the registry could cause irreversible damage, so it is usually only installer programs which perform changes to the registry database during installation/configuration and removal. If a user wants to edit the registry manually, Microsoft recommends that a backup of the registry be performed before the change.^[17] When a program is removed from control panel, it is not completely removed and the user must manually check inside directories such as program files. After this, the user needs to manually remove any reference to the uninstalled program in the registry. This is usually done by using RegEdit.exe.^[18] Editing the registry is sometimes necessary when working around Windows-specific issues e.g. problems when logging onto a domain can be resolved by editing the registry.^[19]

Windows Registry can be edited manually using programs such as RegEdit.exe, although these tools do not expose some of the registry's metadata such as the last modified date.

The registry editor for the 3.1/95 series of operating systems is RegEdit.exe and for Windows NT it is RegEdt32.exe; the functionalities are merged in Windows XP. Optional and/or third-party tools similar to RegEdit.exe are available for many Windows CE versions.

Registry Editor allows users to perform the following functions:

• Creating, manipulating, renaming^[20] and deleting registry keys, subkeys, values and value data
• Importing and exporting . files, exporting data in the binary hive format
• Loading, manipulating and unloading registry hive format files (Windows NT systems only)
• Setting permissions based on ACLs (Windows NT systems only)
• Bookmarking user-selected registry keys as Favorites
• Finding particular strings in key names, value names and value data
• Remotely editing the registry on another networked computer

. files[edit]

. files (also known as Registration entries) are text-based human-readable files for exporting and importing portions of the registry. On Windows 2000 and later, they contain the string Windows Registry Editor Version 5.00 at the beginning and are Unicode-based. On Windows 9x and NT 4.0 systems, they contain the string REGEDIT4 and are ANSI-based.^[21] Windows 9x format . files are compatible with Windows 2000 and later. The Registry Editor on Windows on these systems also supports exporting . files in Windows 9x/NT format. Data is stored in . files using the following syntax:^[21]

The Default Value of a key can be edited by using "@" instead of "Value Name":

String values do not require a <Value type> (see example), but backslashes ('\') need to be written as a double-backslash ('\\'), and quotes ('"') as backslash-quote ('\"').

For example, to add the values "Value A", "Value B", "Value C", "Value D", "Value E", "Value F", "Value G", "Value H", "Value I", "Value J", "Value K", "Value L", and "Value M" to the HKLM\SOFTWARE\Foobar key:

Data from . files can be added/merged with the registry by double-clicking these files or using the /s switch in the command line. files can also be used to remove registry data.

To remove a key (and all subkeys, values and data), the key name must be preceded by a minus sign ("-").^[21]

For example, to remove the HKLM\SOFTWARE\Foobar key (and all subkeys, values and data),

To remove a value (and its data), the values to be removed must have a minus sign ("-") after the equal sign ("=").^[21]

For example, to remove only the "Value A" and "Value B" values (and their data) from the HKLM\SOFTWARE\Foobar key:

To remove only the Default value of the key HKLM\SOFTWARE\Foobar (and its data):

Lines beginning with a semicolon are considered comments:

Group policies[edit]

Windows group policies can change registry keys for a number of machines or individual users based on policies. When a policy first takes effect for a machine or for an individual user of a machine, the registry settings specified as part of the policy are applied to the machine or user settings.

Windows will also look for updated policies and apply them periodically, typically every 90 minutes.^[22]

Through its scope a policy defines which machines and/or users the policy is to be applied to. Whether a machine or user is within the scope of a policy or not is defined by a set of rules which can filter on the location of the machine or user account in organizational directory, specific users or machine accounts or security groups. More advanced rules can be set up using Windows Management Instrumentation expressions. Such rules can filter on properties such as computer vendor name, CPU architecture, installed software, or networks connected to.

For instance, the administrator can create a policy with one set of registry settings for machines in the accounting department and policy with another (lock-down) set of registry settings for kiosk terminals in the visitors area. When a machine is moved from one scope to another (e.g. changing its name or moving it to another organizational unit), the correct policy is automatically applied. When a policy is changed it is automatically re-applied to all machines currently in its scope.

The policy is edited through a number of administrative templates which provides a user interface for picking and changing settings. The set of administrative templates is extensible and software packages which support such remote administration can register their own templates.

Command line editing[edit]

The registry can be manipulated in a number of ways from the command line. The and utility tools are included in Windows XP and later versions of Windows. Alternative locations for legacy versions of Windows include the Resource Kit CDs or the original Installation CD of Windows.

Also, a file can be imported from the command line with the following command:

The /s means the file will be silent merged to the registry. If the parameter is omitted the user will be asked to confirm the operation. In Windows 98, Windows 95 and at least some configurations of Windows XP the switch also causes to ignore the setting in the registry that allows administrators to disable it. When using the switch does not return an appropriate return code if the operation fails, unlike which does.

exports the whole registry in V5 format to a UNICODE file, while any of

export the specified (sub)key (which has to be enclosed in quotes if it contains spaces) only.

exports the whole registry in V4 format to an ANSI file.

exports the specified (sub)key (which has to be enclosed in quotes if it contains spaces) only.

It is also possible to use . Here is a sample to display the value of the registry value Version:

Other command line options include a VBScript or JScript together with CScript, WMI or and Windows PowerShell.

Registry permissions can be manipulated through the command line using and the tool. For example, the permissions on the HKEY_LOCAL_MACHINE\SOFTWARE key can be displayed using:

PowerShell commands and scripts[edit]

Using PowerShell to navigate the registry

Windows PowerShell comes with a registry provider which presents the registry as a location type similar to the file system. The same commands used to manipulate files/directories in the file system can be used to manipulate keys/values of the registry.

Also like the file system, PowerShell uses the concept of a current location which defines the context on which commands by default operate. The (also available through the alias or ) retrieves the child keys of the current location. By using the (or the alias ) command the user can change the current location to another key of the registry. Commands which rename items, remove items, create new items or set content of items or properties can be used to rename keys, remove keys or entire sub-trees or change values.

Through PowerShell scripts files a user/administrator can prepare scripts which, when executed, make changes to the registry. Such scripts can be distributed to users/administrators who can execute them on individual machines.

The PowerShell Registry provider supports transactions, i.e. multiple changes to the registry can be bundled into a single atomic transaction. An atomic transaction ensures that either all of the changes are committed to the database, or if the script fails, none of the changes are committed to the database.

Programs or scripts[edit]

The registry can be edited through the APIs of the Advanced Windows 32 Base API Library (advapi32.dll).^[23]

Many programming languages offer built-in runtime library functions or classes that wrap the underlying Windows APIs and thereby enable programs to store settings in the registry (e.g. in VB.NET and C#, or in Delphi and Free Pascal). COM-enabled applications like Visual Basic 6 can use the WSH object. Another way is to use the Windows Resource Kit Tool, by executing it from code,^[24] although this is considered poor programming practice.

Similarly, scripting languages such as Perl (with ), Python (with winreg), TCL (which comes bundled with the registry package),^[25]Windows Powershell and Windows Scripting Host also enable registry editing from scripts.

Offline editing[edit]

The offreg.dll^[26] available from the Windows Driver Kit offers a set of APIs for the creation and manipulation of currently not loaded registry hives similar to those provided by advapi32.dll.

It is also possible to edit the registry (hives) of an offline system from Windows PE or Linux (in the latter case using open source tools).

COM self-registration[edit]

Prior to the introduction of registration-free COM, developers were encouraged to add initialization code to in-process and out-of-process binaries to perform the registry configuration required for that object to work. For in-process binaries such as .DLL and .OCX files, the modules typically exported a function called DllInstall()^[27] that could be called by installation programs or invoked manually with utilities like Regsvr32.exe;^[28] out-of-process binaries typically support the commandline arguments /Regserver and /Unregserver that created or deleted the required registry settings.^[29] COM applications that break because of DLL Hell issues can commonly be repaired with RegSvr32.exe or the /RegServer switch without having to re-invoke installation programs.^[30]

Advanced functionality[edit]

Windows exposes APIs that allows user-mode applications to register to receive a notification event if a particular registry key is changed.^[31] APIs are also available to allow kernel-mode applications to filter and modify registry calls made by other applications.^[32]

Windows also supports remote access to the registry of another computer via the function^[33] if the Remote Registry service is running, correctly configured and its network traffic is not firewalled.^[34]

Security[edit]

Each key in the registry of Windows NT versions can have an associated security descriptor. The security descriptor contains an access control list (ACL) that describes which user groups or individual users are granted or denied access permissions. The set of registry permissions include 10 rights/permissions which can be explicitly allowed or denied to a user or a group of users.

As with other securable objects in the operating system, individual access control entries (ACE) on the security descriptor can be explicit or inherited from a parent object.^[35]

Windows Resource Protection is a feature of Windows Vista and later versions of Windows that uses security to deny Administrators and the system WRITE access to some sensitive keys to protect the integrity of the system from malware and accidental modification.^[36]

Special ACEs on the security descriptor can also implement mandatory integrity control for the registry key and subkeys. A process running at a lower integrity level cannot write, change or delete a registry key/value, even if the account of the process has otherwise been granted access through the ACL. For instance, Internet Explorer running in Protected Mode can read medium and low integrity registry keys/values of the currently logged on user, but it can only modify low integrity keys.^[37]

Outside security, registry keys cannot be deleted or edited due to other causes. Registry keys containing NUL characters cannot be deleted with standard registry editors and require a special utility for deletion, such as RegDelNull.^[38][39]

Backups and recovery[edit]

Different editions of Windows have supported a number of different methods to back up and restore the registry over the years, some of which are now deprecated:

• System Restore can back up the registry and restore it as long as Windows is bootable, or from the Windows Recovery Environment (starting with Windows Vista).
• NTBackup can back up the registry as part of the System State and restore it. Automated System Recovery in Windows XP can also restore the registry.
• On Windows NT, the Last Known Good Configuration option in startup menu relinks the key, which stores hardware and device driver information.
• Windows 98 and Windows ME include command line (Scanreg.exe) and GUI (Scanregw.exe) registry checker tools to check and fix the integrity of the registry, create up to five automatic regular backups by default and restore them manually or whenever corruption is detected.^[40] The registry checker tool backs up the registry, by default, to Scanreg.exe can also run from MS-DOS.^[41]
• The Windows 95 CD-ROM included an Emergency Recovery Utility (ERU.exe) and a Configuration Backup Tool (Cfgback.exe) to back up and restore the registry. Additionally Windows 95 backs up the registry to the files system.da0 and user.da0 on every successful boot.
• Windows NT 4.0 included , a utility to back up and restore the entire registry.^[42]
• Windows 2000 Resource Kit contained an unsupported pair of utilities called Regback.exe and RegRest.exe for backup and recovery of the registry.^[43]
• Periodic automatic backups of the registry are now disabled by default on Windows 10 May 2019 Update (version 1903). Microsoft recommends System Restore be used instead.^[44]

Policy[edit]

Group policy[edit]

Windows 2000 and later versions of Windows use Group Policy to enforce registry settings through a registry-specific client extension in the Group Policy processing engine.^[45] Policy may be applied locally to a single computer using , or to multiple users and/or computers in a domain using .

Legacy systems[edit]

With Windows 95, Windows 98, Windows ME and Windows NT 4.0, administrators can use a special file to be merged into the registry, called a policy file (). The policy file allows administrators to prevent non-administrator users from changing registry settings like, for instance, the security level of Internet Explorer and the desktop background wallpaper. The policy file is primarily used in a business with a large number of computers where the business needs to be protected from rogue or careless users.

The default extension for the policy file is . The policy file filters the settings it enforces by user and by group (a "group" is a defined set of users). To do that the policy file merges into the registry, preventing users from circumventing it by simply changing back the settings. The policy file is usually distributed through a LAN, but can be placed on the local computer.

The policy file is created by a free tool by Microsoft that goes by the filename for Windows 95/Windows 98 and with a computer management module for Windows NT. The editor requires administrative permissions to be run on systems that uses permissions. The editor can also directly change the current registry settings of the local computer and if the remote registry service is installed and started on another computer it can also change the registry on that computer. The policy editor loads the settings it can change from files, of which one is included, that contains the settings the Windows shell provides. The file is plain text and supports easy localisation by allowing all the strings to be stored in one place.

Virtualization[edit]

INI file virtualization[edit]

Windows NT kernels support redirection of INI file-related APIs into a virtual file in a registry location such as HKEY_CURRENT_USER using a feature called "InifileMapping".^[46] This functionality was introduced to allow legacy applications written for 16-bit versions of Windows to be able to run under Windows NT platforms on which the System folder is no longer considered an appropriate location for user-specific data or configuration. Non-compliant 32-bit applications can also be redirected in this manner, even though the feature was originally intended for 16-bit applications.

Registry virtualization[edit]

Windows Vista introduced limited registry virtualization, whereby poorly written applications that do not respect the principle of least privilege and instead try to write user data to a read-only system location (such as the HKEY_LOCAL_MACHINE hive), are silently redirected to a more appropriate location, without changing the application itself.

Similarly, application virtualization redirects all of an application's invalid registry operations to a location such as a file. Used together with file virtualization, this allows applications to run on a machine without being installed on it.

Low integrity processes may also use registry virtualization. For example, Internet Explorer 7 or 8 running in "Protected Mode" on Windows Vista and above will automatically redirect registry writes by ActiveX controls to a sandboxed location in order to frustrate some classes of security exploits.

The Application Compatibility Toolkit^[47] provides shims that can transparently redirect HKEY_LOCAL_MACHINE or HKEY_CLASSES_ROOT Registry operations to HKEY_CURRENT_USER to address "LUA" bugs that cause applications not to work for users with insufficient rights.

Disadvantages[edit]

Critics labeled the registry in Windows 95 a single point of failure, because re-installation of the operating system was required if the registry became corrupt.^{[citation needed]} However, Windows NT uses transaction logs to protect against corruption during updates. Current versions of Windows use two levels of log files to ensure integrity even in the case of power failure or similar catastrophic events during database updates.^[48] Even in the case of a non-recoverable error, Windows can repair or re-initialize damaged registry entries during system boot.^[48]

Equivalents and alternatives[edit]

In Windows, use of the registry for storing program data is a matter of developer's discretion. Microsoft provides programming interfaces for storing data in XML files (via MSXML) or database files (via SQL Server Compact) which developers can use instead. Developers are also free to use non-Microsoft alternatives or develop their own proprietary data stores.

In contrast to Windows Registry's binary-based database model, some other operating systems use separate plain-text files for daemon and application configuration, but group these configurations together for ease of management.

• In Unix-like operating systems (including Linux) that follow the Filesystem Hierarchy Standard, system-wide configuration files (information similar to what would appear in HKEY_LOCAL_MACHINE on Windows) are traditionally stored in files in and its subdirectories, or sometimes in . Per-user information (information that would be roughly equivalent to that in HKEY_CURRENT_USER) is stored in hidden directories and files (that start with a period/full stop) within the user's home directory. However XDG-compliant applications should refer to the environment variables defined in the Base Directory specification.^[49]
• In macOS, system-wide configuration files are typically stored in the folder, whereas per-user configuration files are stored in the corresponding folder in the user's home directory, and configuration files set by the system are in . Within these respective directories, an application typically stores a property list file in the sub-directory.
• RISC OS (not to be confused with MIPS RISC/os) uses directories for configuration data, which allows applications to be copied into application directories, as opposed to the separate installation process that typifies Windows applications; this approach is also used on the ROX Desktop for Linux.^[50] This directory-based configuration also makes it possible to use different versions of the same application, since the configuration is done "on the fly".^[51] If one wishes to remove the application, it is possible to simply delete the folder belonging to the application.^[52][53] This will often not remove configuration settings which are stored independently from the application, usually within the computer's !Boot structure, in !Boot.Choices or potentially anywhere on a network fileserver. It is possible to copy installed programs between computers running RISC OS by copying the application directories belonging to the programs, however some programs may require re-installing, e.g. when shared files are placed outside an application directory.^[51]
• IBM AIX (a Unix variant) uses a registry component called Object Data Manager (ODM). The ODM is used to store information about system and device configuration. An extensive set of tools and utilities provides users with means of extending, checking, correcting the ODM database. The ODM stores its information in several files, default location is /etc/objrepos.
• The GNOME desktop environment uses a registry-like interface called dconf for storing configuration settings for the desktop and applications.
• The Elektra Initiative provides alternative back-ends for various different text configuration files.
• While not an operating system, the Winecompatibility layer, which allows Windows software to run on a Unix-like system, also employs a Windows-like registry as text files in the WINEPREFIX folder: system.reg (HKEY_LOCAL_MACHINE), user.reg (HKEY_CURRENT_USER) and userdef.reg.^[54]