The registry that loaded first during windows startup is HKEY_LOCAL_MACHINE\SYSTEM.
Explanation:
This key is only writeable by the user with administrative privileges on the local machine.
This key contains information about windows system setup, data for a secure random number generator, the list of currently mounted devices containing file system. Several numbered “HKLM\SYSTEM\Control Sets contains alternative configuration fro system hardware drivers and services running on the local machine. An HKLM\SYSTEM|Select subkey contains the status of these control keys and an “HKLM\SYSTEM\CurrentControlSet” which is dynamically linked at the boot time to the control set which is currently used on the local machine.
Configured control set:
Enum:
An enum subkey enumerates all play and play devices and associate them with installed system derivers.
Services:
A services subkey list all installed system drivers and all programs running as services.
Control:
A control subkey organizes various hardware drivers and programs running as services and all other systems-wide configuration.
Hardware Profiles:
A hardware profile subkey enumerates various profiles that have been tuned. Each profile is tuned with system and software settings to modify the default profile, either in system drivers and services or in the applications. The hardware Profiles\Current subkey is dynamically linked to one of these profiles.
