Comparing Registry Copies

The Compare button and menu item are enabled only when two Main Nodes are active, so to use this option you need at least two Registry scans in the current file (see Registry Scan).

You can select any key for comparison before clicking the Compare button. If the same key exists in the other active tree, the comparison is carried out; otherwise the following message is displayed: "Appropriate node does not exist :..".

You can exclude certain keys from the comparison (see "Exclude from comparison").

One copy is always newer than the other: the newer one is marked as New and the older one as Old. When the comparison finishes, a window with up to three trees appears:

1) "Deleted - xx" – a tree showing deleted Keys and Value Names, i.e. those that exist in the old copy of the Registry but were not found in the newer one;

2) "Added - xx" – a tree showing added Keys and Value Names;

3) "Distinction in data - xx" – a tree showing changed Value Data.

In the first tree, "Deleted - xx" (xx = the number of keys and value names missing in the new copy as compared to the old one), deleted Keys are marked by a yellow bulb and all their subkeys by a gray bulb. Keys marked by a green bulb are those from which some Value Names were deleted; only the Value Names not found in the new copy are shown under them. Subkeys that remained the same are not shown.


Compare ScreenShot

A similar notation is used in the second tree ("Added - xx"); the only difference is that it shows Keys and Value Names present in the new copy but not found in the old one.

Analyzing this tree after installing new software helps you determine whether a Trojan is present, or whether the software made illegal changes in critical Registry areas.

In the third tree ("Distinction in data - xx") only differences in Value Data are shown. Here xx is the total number of pairs in which differences in Value Data were found. Keys where such differences were found are marked with a green bulb. Data with the same Value Names are shown in columns marked with the digits 1 and 2 for the old and new copy respectively. The icons showing the data type look similar to those in the Registry Editor, except that the digital type is divided into three subtypes: 1 - Double word; 2 - Binary; 3 - Multi size. The corresponding number is shown in the bottom-right corner of the icon.

If the Open selected key in other tree box is checked in Settings/Comparison, then when you switch to another comparison tree, the key that was selected in the previous tree is opened there as well (provided it exists in the tree you are switching to).

You can run a case-sensitive or case-insensitive comparison by checking or unchecking the Case sensitive box. This option applies to Key and Value Names only; it has no effect on Value Data, which is always compared case-sensitively.
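The comparison logic described above (the Deleted, Added and Distinction in data trees, the bulb marking in the Deleted tree, and the rule that case sensitivity applies to Key and Value Names but never to Value Data) can be reproduced on two snapshots taken outside the tool. The following Python script is an added example written for this page; it is not the program's own code. It assumes a snapshot is a dict mapping a key path to its values (value name to a (type, data) pair), and the two snapshots `OLD` and `NEW`, their paths and value names are constructed for illustration. The reading of the "xx" counters (deleted/added keys plus deleted/added value names) is this example's own.

```python
from dataclasses import dataclass, field

# Constructed sample snapshots (illustrative paths only): "old" was taken
# before a software install, "new" afterwards.  Each snapshot maps a key
# path to its values: value name -> (type, data).
OLD = {
    r"HKLM\Software\Vendor\App": {
        "Version": ("REG_SZ", "1.0"),
        "InstallDir": ("REG_SZ", r"C:\App"),
    },
    r"HKLM\Software\Vendor\App\Plugins": {"Count": ("REG_DWORD", 2)},
    r"HKLM\Software\Vendor\App\Plugins\Legacy": {"Enabled": ("REG_DWORD", 1)},
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run": {
        "Updater": ("REG_SZ", r"C:\App\update.exe"),
    },
}
NEW = {
    r"HKLM\Software\Vendor\App": {
        "version": ("REG_SZ", "1.1"),         # name re-cased, data changed
        "InstallDir": ("REG_SZ", r"C:\app"),  # data differs only in case
    },
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run": {
        "Updater": ("REG_SZ", r"C:\App\update.exe"),
        "Helper": ("REG_SZ", r"C:\Temp\helper.exe"),  # new autorun entry
    },
}


@dataclass
class CompareResult:
    deleted_keys: list = field(default_factory=list)    # keys absent from new
    deleted_values: dict = field(default_factory=dict)  # key -> missing value names
    added_keys: list = field(default_factory=list)
    added_values: dict = field(default_factory=dict)
    changed: dict = field(default_factory=dict)         # key -> [(name, old, new)]

    # The "xx" counters of the three trees (this example's own reading).
    def deleted_count(self):
        return len(self.deleted_keys) + sum(len(v) for v in self.deleted_values.values())

    def added_count(self):
        return len(self.added_keys) + sum(len(v) for v in self.added_values.values())

    def changed_count(self):
        return sum(len(v) for v in self.changed.values())


def _norm(name, case_sensitive):
    # Key and value names fold case only when the comparison is case-insensitive.
    return name if case_sensitive else name.lower()


def compare(old, new, case_sensitive=True):
    """Build the Deleted / Added / Distinction-in-data sets.  Key and value-name
    matching honours case_sensitive; Value Data is always compared exactly."""
    res = CompareResult()
    old_idx = {_norm(k, case_sensitive): k for k in old}
    new_idx = {_norm(k, case_sensitive): k for k in new}
    for nk, okey in old_idx.items():
        if nk not in new_idx:
            res.deleted_keys.append(okey)
            continue
        nkey = new_idx[nk]
        ovals = {_norm(n, case_sensitive): n for n in old[okey]}
        nvals = {_norm(n, case_sensitive): n for n in new[nkey]}
        for nv, oname in ovals.items():
            if nv not in nvals:
                res.deleted_values.setdefault(okey, []).append(oname)
            elif old[okey][oname] != new[nkey][nvals[nv]]:
                res.changed.setdefault(okey, []).append(
                    (oname, old[okey][oname], new[nkey][nvals[nv]]))
        for nv, nname in nvals.items():
            if nv not in ovals:
                res.added_values.setdefault(nkey, []).append(nname)
    for nk, nkey in new_idx.items():
        if nk not in old_idx:
            res.added_keys.append(nkey)
    return res


def deleted_bulb(path, res, case_sensitive=True):
    """Colour a key would get in the Deleted tree: yellow for a key missing from
    the new copy, gray for a subkey beneath such a key, green for a key that
    survived but lost Value Names, None if the key is not shown at all."""
    deleted = {_norm(k, case_sensitive) for k in res.deleted_keys}
    p = _norm(path, case_sensitive)
    if p in deleted:
        return "gray" if any(p.startswith(d + "\\") for d in deleted) else "yellow"
    return "green" if path in res.deleted_values else None


if __name__ == "__main__":
    for cs in (True, False):
        r = compare(OLD, NEW, case_sensitive=cs)
        print(f"case_sensitive={cs}: Deleted - {r.deleted_count()}, "
              f"Added - {r.added_count()}, Distinction in data - {r.changed_count()}")
        for key, items in r.changed.items():
            for name, o, n in items:
                print(f"  {key}\\{name}: 1={o[1]!r} 2={n[1]!r}")
```

Running the script with the case-sensitive box "checked" reports the re-cased `Version`/`version` pair as one deletion plus one addition, while the unchecked run pairs them up and reports a data change instead; in both runs the `InstallDir` data difference (`C:\App` versus `C:\app`) lands in the Distinction tree, because data is never case-folded. The new `Helper` entry under the Run key is the kind of addition the help text suggests reviewing after an install.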

By choosing Locate in Old or Locate in New in the context menu of the selected Key (which one is offered depends on the active tree), you can go to the corresponding source Key in the main window.

Double-clicking a data string opens the Copy String window, where you can copy the Value Name and the Value Data.
