#11
There is no Parameters key in DPS or SstpSvc.
This is what is in the DPS key:
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DPS
Class Name: <NO CLASS>
Last Write Time: 14-7-2009 - 11:37
Value 0
Name: DisplayName
Type: REG_SZ
Data: @%systemroot%\system32\dps.dll,-500
Value 1
Name: ImagePath
Type: REG_EXPAND_SZ
Data: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
Value 2
Name: Description
Type: REG_SZ
Data: @%systemroot%\system32\dps.dll,-501
Value 3
Name: ObjectName
Type: REG_SZ
Data: NT AUTHORITY\LocalService
Value 4
Name: ErrorControl
Type: REG_DWORD
Data: 0x1
Value 5
Name: Start
Type: REG_DWORD
Data: 0x2
Value 6
Name: Type
Type: REG_DWORD
Data: 0x20
Value 7
Name: ServiceSidType
Type: REG_DWORD
Data: 0x3
Value 8
Name: RequiredPrivileges
Type: REG_MULTI_SZ
Data: SeChangeNotifyPrivilege
SeCreateGlobalPrivilege
SeAssignPrimaryTokenPrivilege
SeImpersonatePrivilege
Value 9
Name: FailureActions
Type: REG_BINARY
Data:
00000000 80 51 01 00 00 00 00 00 - 00 00 00 00 03 00 00 00 .Q..............
00000010 14 00 00 00 01 00 00 00 - c0 d4 01 00 01 00 00 00 ........ÀÔ......
00000020 e0 93 04 00 00 00 00 00 - 00 00 00 00 à...........
Value 10
Name: DelayedAutoStart
Type: REG_DWORD
Data: 0
This is what is in the SstpSvc key:
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SstpSvc
Class Name: <NO CLASS>
Last Write Time: 14-7-2009 - 11:37
Value 0
Name: DisplayName
Type: REG_SZ
Data: @%SystemRoot%\system32\sstpsvc.dll,-200
Value 1
Name: ImagePath
Type: REG_EXPAND_SZ
Data: %SystemRoot%\system32\svchost.exe -k LocalService
Value 2
Name: Description
Type: REG_SZ
Data: @%SystemRoot%\system32\sstpsvc.dll,-201
Value 3
Name: ObjectName
Type: REG_SZ
Data: NT Authority\LocalService
Value 4
Name: ErrorControl
Type: REG_DWORD
Data: 0x1
Value 5
Name: Start
Type: REG_DWORD
Data: 0x3
Value 6
Name: Type
Type: REG_DWORD
Data: 0x20
Value 7
Name: ServiceSidType
Type: REG_DWORD
Data: 0x1
Value 8
Name: RequiredPrivileges
Type: REG_MULTI_SZ
Data: SeChangeNotifyPrivilege
Value 9
Name: FailureActions
Type: REG_BINARY
Data:
00000000 80 51 01 00 00 00 00 00 - 00 00 00 00 03 00 00 00 .Q..............
00000010 14 00 00 00 01 00 00 00 - c0 d4 01 00 01 00 00 00 ........ÀÔ......
00000020 e0 93 04 00 00 00 00 00 - 00 00 00 00 à...........
And this is what is in the WfpLwf key:
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WfpLwf
Class Name: <NO CLASS>
Last Write Time: 16-10-2013 - 16:14
Value 0
Name: Type
Type: REG_DWORD
Data: 0x1
Value 1
Name: Start
Type: REG_DWORD
Data: 0x1
Value 2
Name: ErrorControl
Type: REG_DWORD
Data: 0x1
Value 3
Name: Tag
Type: REG_DWORD
Data: 0x10
Value 4
Name: ImagePath
Type: REG_EXPAND_SZ
Data: system32\DRIVERS\wfplwf.sys
Value 5
Name: DisplayName
Type: REG_SZ
Data: WFP Lightweight Filter
Value 6
Name: Group
Type: REG_SZ
Data: NDIS
Value 7
Name: Description
Type: REG_SZ
Data: WFP Lightweight Filter
Value 8
Name: NdisMajorVersion
Type: REG_DWORD
Data: 0x6
Value 9
Name: NdisMinorVersion
Type: REG_DWORD
Data: 0x14
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WfpLwf\Parameters
Class Name: <NO CLASS>
Last Write Time: 14-7-2009 - 11:39
Value 0
Name: DefaultFilterSettings
Type: REG_DWORD
Data: 0x1
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WfpLwf\Parameters\Adapters
Class Name: <NO CLASS>
Last Write Time: 28-1-2013 - 4:24
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WfpLwf\Parameters\Adapters\{7623A5DF-A50D-469F-AF22-0A6EE4A18BAF}
Class Name: <NO CLASS>
Last Write Time: 28-1-2013 - 4:24
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WfpLwf\Parameters\Adapters\{7623A5DF-A50D-469F-AF22-0A6EE4A18BAF}\{B70D6460-3635-4D42-B866-B8AB1A24454C}-0000
Class Name: <NO CLASS>
Last Write Time: 28-1-2013 - 4:24
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WfpLwf\Parameters\Adapters\{8BB1076F-039B-40E5-8EC0-C11013418CDB}
Class Name: <NO CLASS>
Last Write Time: 14-7-2009 - 11:39
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WfpLwf\Parameters\Adapters\{8BB1076F-039B-40E5-8EC0-C11013418CDB}\{B70D6460-3635-4D42-B866-B8AB1A24454C}-0000
Class Name: <NO CLASS>
Last Write Time: 14-7-2009 - 11:39
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WfpLwf\Parameters\NdisAdapters
Class Name: <NO CLASS>
Last Write Time: 28-1-2013 - 4:24
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WfpLwf\Parameters\NdisAdapters\{7623A5DF-A50D-469F-AF22-0A6EE4A18BAF}
Class Name: <NO CLASS>
Last Write Time: 28-1-2013 - 4:24
Value 0
Name: InterfaceGuid
Type: REG_BINARY
Data:
00000000 5d 9e eb b0 c7 68 e2 11 - b9 26 e3 da 4f d6 86 9f ].ë°Çhâ.¹&ãÚOÖ..
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WfpLwf\Parameters\NdisAdapters\{8BB1076F-039B-40E5-8EC0-C11013418CDB}
Class Name: <NO CLASS>
Last Write Time: 14-7-2009 - 11:39
Value 0
Name: InterfaceGuid
Type: REG_BINARY
Data:
00000000 f4 c6 9a e2 37 70 de 11 - 81 6d 80 08 3e df f9 14 ôÆ.â7pÞ..m..>ßù.
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WfpLwf\Enum
Class Name: <NO CLASS>
Last Write Time: 16-10-2013 - 16:14
Value 0
Name: 0
Type: REG_SZ
Data: Root\LEGACY_WFPLWF\0000
Value 1
Name: Count
Type: REG_DWORD
Data: 0x1
Value 2
Name: NextInstance
Type: REG_DWORD
Data: 0x1
Value 3
Name: INITSTARTFAILED
Type: REG_DWORD
Data: 0x1
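As an added example that is not part of the post above (and not something the thread itself asked for), the following Python script turns the regedit-style hex dumps in that listing back into raw bytes, decodes the FailureActions blob into its SERVICE_FAILURE_ACTIONS fields (reset period, action count and the type/delay of each action), and converts the InterfaceGuid bytes into the braces GUID text form. The dumps embedded below are copied from the listing; the structure layout and the note about the separate FailureCommand/RebootMessage values are from the documented Service Control Manager behaviour, stated here as the author's understanding rather than anything the original poster wrote.

```python
import re
import struct
import uuid

# Hex dumps copied from the registry listing above (regedit text-export layout:
# offset, up to 16 byte pairs with " - " after the eighth, then an ASCII column).
DPS_FAILURE_ACTIONS_DUMP = """
00000000 80 51 01 00 00 00 00 00 - 00 00 00 00 03 00 00 00 .Q..............
00000010 14 00 00 00 01 00 00 00 - c0 d4 01 00 01 00 00 00 ........ÀÔ......
00000020 e0 93 04 00 00 00 00 00 - 00 00 00 00 à...........
"""
NDIS_INTERFACE_GUID_DUMP = """
00000000 5d 9e eb b0 c7 68 e2 11 - b9 26 e3 da 4f d6 86 9f ].ë°Çhâ.¹&ãÚOÖ..
"""

_HEX_PAIR = re.compile(r"^[0-9a-fA-F]{2}$")

# SC_ACTION_TYPE values from winsvc.h
SC_ACTION = {0: "SC_ACTION_NONE", 1: "SC_ACTION_RESTART",
             2: "SC_ACTION_REBOOT", 3: "SC_ACTION_RUN_COMMAND"}


def hexdump_to_bytes(dump: str) -> bytes:
    """Recover REG_BINARY bytes from a regedit-style hex dump.

    Tokens after the offset are consumed until something that is not a hex pair
    (or the '-' group separator) appears; a full line is capped at 16 bytes so an
    ASCII column that happens to look like a hex pair cannot be taken as data.
    (On a short final line that edge case is still possible; the offset check
    below catches a dump whose lines do not join up.)
    """
    out = bytearray()
    for line in dump.strip().splitlines():
        tokens = line.split()
        if not tokens:
            continue
        offset = int(tokens[0], 16)
        if offset != len(out):
            raise ValueError(f"offset {offset:#x} does not follow previous bytes ({len(out)})")
        count = 0
        for tok in tokens[1:]:
            if tok == "-":
                continue
            if count == 16 or not _HEX_PAIR.match(tok):
                break
            out.append(int(tok, 16))
            count += 1
    return bytes(out)


def parse_failure_actions(blob: bytes) -> dict:
    """Decode the SERVICE_FAILURE_ACTIONS structure stored in a FailureActions value.

    Layout (little-endian DWORDs): dwResetPeriod (seconds), lpRebootMsg, lpCommand,
    cActions, lpsaActions (offset of the SC_ACTION array inside the blob), followed
    by cActions pairs of (Type, Delay in ms). The reboot message and the failure
    command text are not kept in this blob: the SCM stores them in the separate
    RebootMessage and FailureCommand REG_SZ values, so the two pointer fields are
    normally zero on disk.
    """
    if len(blob) < 20:
        raise ValueError("FailureActions blob shorter than the 20-byte header")
    reset, reboot_off, cmd_off, count, actions_off = struct.unpack_from("<5I", blob, 0)
    if actions_off + 8 * count > len(blob):
        raise ValueError("SC_ACTION array runs past the end of the blob")
    actions = []
    for i in range(count):
        typ, delay = struct.unpack_from("<2I", blob, actions_off + 8 * i)
        actions.append({"type": SC_ACTION.get(typ, f"UNKNOWN({typ})"), "delay_ms": delay})
    return {
        "reset_period_s": reset,
        "reboot_msg_offset": reboot_off,
        "command_offset": cmd_off,
        "actions": actions,
        # The case worth flagging in a persistence review: when any action is
        # SC_ACTION_RUN_COMMAND, whatever the service's FailureCommand value holds
        # runs each time the service fails, so that value needs to be inspected too.
        "runs_command": any(a["type"] == "SC_ACTION_RUN_COMMAND" for a in actions),
    }


def interface_guid(blob: bytes) -> str:
    """Render a 16-byte InterfaceGuid REG_BINARY value as {GUID} text.

    The first three fields are little-endian (Windows GUID struct layout), which is
    exactly what uuid.UUID(bytes_le=...) expects.
    """
    if len(blob) != 16:
        raise ValueError("GUID must be 16 bytes")
    return "{%s}" % str(uuid.UUID(bytes_le=blob)).upper()


if __name__ == "__main__":
    fa = parse_failure_actions(hexdump_to_bytes(DPS_FAILURE_ACTIONS_DUMP))
    print(fa)
    print(interface_guid(hexdump_to_bytes(NDIS_INTERFACE_GUID_DUMP)))
```

Run against the DPS dump this yields a one-day (86400 s) reset period and three actions: restart after 120000 ms, restart after 300000 ms, then no action, with no failure command configured; the same bytes appear under SstpSvc. The InterfaceGuid under NdisAdapters\{7623A5DF-...} decodes to {B0EB9E5D-68C7-11E2-B926-E3DA4FD6869F}, which differs from the adapter key name, so the two GUIDs should not be assumed to be the same identifier.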