Kernel driver 
…
sc qc ndu
SERVICE_NAME: ndu
TYPE : 1 KERNEL_DRIVER
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\drivers\Ndu.sys
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Network Data Usage Monitoring Driver
DEPENDENCIES : tcpip
SERVICE_START_NAME :
sc EnumDepend ndu
[SC] EnumDependentServices: entriesread = 0
sc Queryex ndu
SERVICE_NAME: ndu
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
As you can see, we see exact same infos in registry:
Well, what users now do with the Registry Hack is simple as:
Change:
START_TYPE : 2 AUTO_START
to
START_TYPE : 4 DISABLED
If users now set “4” a Restart is necessary because it is a Kernel driver.
After Restart:
SERVICE_NAME: ndu
TYPE : 1 KERNEL_DRIVER
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\drivers\Ndu.sys
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Network Data Usage Monitoring Driver
DEPENDENCIES : tcpip
SERVICE_START_NAME :
Then the network usage stats should disabled.