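Technical Information
Note: this listing has lost its section headings. Judging by the entries, it covers, in order: a service registry value (Start = 2, i.e. the service starts automatically at boot), launched processes with their command lines, files that were created or touched (several appear more than once), network requests (host names are partly masked with '#'), and window class/name pairs. The file names, the .crl (certificate revocation list) downloads and the wpad.dat lookup appear consistent with an Aventail Connect VPN client installer run. Treat the individual paths as an installer footprint to compare against a known-good install, not as standalone indicators.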
- [<HKLM>\SYSTEM\ControlSet001\Services\NgVpnMgr] 'Start' = '00000002'
- <SYSTEM32>\ngvpnmgr.exe
- C:\depaul\aventail\105\AventailConnect-Windows.exe -f=c:\depaul\aventail\105\depaulngsetup.ini
- <SYSTEM32>\msiexec.exe -Embedding 3385818671DE38C04D0374B2D463DC51 M Global\MSI0000
- <SYSTEM32>\runonce.exe -r
- <SYSTEM32>\msiexec.exe /Y "%WINDIR%\ngwinx.dll"
- <SYSTEM32>\msiexec.exe /i "%ALLUSERSPROFILE%\Application Data\Aventail\ngvpn.msi" /qb NGSETUP=1 ALLUSERS=1 CONFIGURATIONFILE="%ALLUSERSPROFILE%\Application Data\Aventail\ngsetup.ini"
- <SYSTEM32>\msiexec.exe /V
- %PROGRAM_FILES%\Aventail Connect\ng.ico
- <SYSTEM32>\ngcommon.dll
- <SYSTEM32>\nglogon.dll
- %PROGRAM_FILES%\Aventail Connect\Install\DIFxAPI.dll
- <DRIVERS>\ngfilter.sys
- <SYSTEM32>\nghelp.chm
- %ALLUSERSPROFILE%\Application Data\Aventail\ngvpn.inf
- %ALLUSERSPROFILE%\Application Data\Aventail\ngvpn.cat
- %WINDIR%\ngmsi.dll
- %WINDIR%\ngevent.dll
- %PROGRAM_FILES%\Aventail Connect\Install\ngvpn.cat
- %WINDIR%\ngwinx.dll
- <SYSTEM32>\nglocenu.dll
- %WINDIR%\ngmsgs.dll
- %PROGRAM_FILES%\Aventail Connect\SourceDir\ngvpn.cat
- <SYSTEM32>\ngclient.dll
- %WINDIR%\Temp\Top.bmp
- <SYSTEM32>\ngupdate.exe
- %WINDIR%\ngutil.exe
- <SYSTEM32>\ngvpnmgr.exe
- %WINDIR%\inf\ngvpn.inf
- <SYSTEM32>\ngmonitor.exe
- %WINDIR%\LastGood\TMPE.tmp
- %WINDIR%\Temp\OLDF.tmp
- <DRIVERS>\SETD.tmp
- %WINDIR%\LastGood\TMPB.tmp
- %WINDIR%\Temp\OLDC.tmp
- <DRIVERS>\SET10.tmp
- %ALLUSERSPROFILE%\Start Menu\Programs\Aventail\DePaul Wireless VPN Connection.lnk
- %WINDIR%\Installer\{A2A78788-2792-49BF-AF22-5E9296E568F3}\_6FEFF9B68218417F98F549.exe
- %ALLUSERSPROFILE%\Desktop\DePaul Wireless VPN Connection.lnk
- %WINDIR%\inf\ngvpn.PNF
- %ALLUSERSPROFILE%\Application Data\Aventail\nglog.lgf
- %ALLUSERSPROFILE%\Application Data\Aventail\ngwfp.sys
- <SYSTEM32>\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ngvpn.CAT
- %ALLUSERSPROFILE%\Application Data\Aventail\ngfilter.sys
- %ALLUSERSPROFILE%\Application Data\Aventail\ngvpn.sys
- %ALLUSERSPROFILE%\Application Data\Aventail\nglog.sys
- %WINDIR%\LastGood\TMP5.tmp
- %WINDIR%\Temp\OLD9.tmp
- <DRIVERS>\SETA.tmp
- %WINDIR%\LastGood\TMP8.tmp
- %WINDIR%\Temp\OLD6.tmp
- <DRIVERS>\SET7.tmp
- <SYSTEM32>\ngras.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\rp.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SECURITY
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SOFTWARE
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_.DEFAULT
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-484763869-725345543-1003
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-484763869-725345543-1003
- %ALLUSERSPROFILE%\Application Data\Aventail\ngsetup.log
- %ALLUSERSPROFILE%\Application Data\Aventail\ngvpn.msi
- C:\depaul\aventail\105\AventailConnect-Windows.exe
- %TEMP%\nso2.tmp\UAC.dll
- C:\depaul\aventail\105\depaulngsetup.ini
- %ALLUSERSPROFILE%\Application Data\Aventail\ngsetup.ini
- %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\486CC6AFD08942336C61FCD401C4A1D1
- %APPDATA%\Microsoft\CryptnetUrlCache\Content\486CC6AFD08942336C61FCD401C4A1D1
- %APPDATA%\Microsoft\CryptnetUrlCache\Content\74BFD122C0875EC75DBE5C6DB4C59019
- %WINDIR%\Installer\1d9c1.msi
- %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\74BFD122C0875EC75DBE5C6DB4C59019
- %WINDIR%\Installer\MSI3.tmp
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\OBJECTS.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\OBJECTS.DATA
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\MAPPING1.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\MAPPING2.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\RestorePointSize
- <DRIVERS>\nglog.sys
- <DRIVERS>\ngwfp.sys
- <SYSTEM32>\ngdial.exe
- C:\Config.Msi\1d9c4.rbs
- <DRIVERS>\ngvpn.sys
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\domain.txt
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\drivetable.txt
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\ComDb.Dat
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SYSTEM
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SAM
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\drivetable.txt
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\INDEX.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\MAPPING.VER
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\INDEX.BTR
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\$WinMgmt.CFG
- <SYSTEM32>\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ngvpn.CAT
- %ALLUSERSPROFILE%\Application Data\Aventail\ngfilter.sys
- %ALLUSERSPROFILE%\Application Data\Aventail\ngwfp.sys
- %ALLUSERSPROFILE%\Application Data\Aventail\ngvpn.sys
- %ALLUSERSPROFILE%\Application Data\Aventail\nglog.sys
- %WINDIR%\Installer\MSI3.tmp
- %WINDIR%\Installer\1d9c3.ipi
- %TEMP%\nso2.tmp\UAC.dll
- C:\Config.Msi\1d9c4.rbs
- %WINDIR%\Installer\1d9c1.msi
- %ALLUSERSPROFILE%\Application Data\Aventail\ngvpn.cat
- <DRIVERS>\nglog.sys
- <DRIVERS>\ngwfp.sys
- <DRIVERS>\ngvpn.sys
- <DRIVERS>\ngfilter.sys
- %WINDIR%\Temp\OLDF.tmp
- %WINDIR%\Temp\OLD6.tmp
- %ALLUSERSPROFILE%\Application Data\Aventail\ngvpn.inf
- %WINDIR%\Temp\OLDC.tmp
- %WINDIR%\Temp\OLD9.tmp
- 'cr#.#hawte.com':80
- 'wp#d':80
- cr#.#hawte.com/ThawteCodeSigningCA.crl
- cr#.#hawte.com/ThawtePremiumServerCA.crl
- wp#d/wpad.dat
- DNS ASK cr#.#hawte.com
- DNS ASK wp#d
- ClassName: 'MsiDialogCloseClass' WindowName: 'Aventail Connect Setup Wizard'
- ClassName: 'Shell_TrayWnd' WindowName: ''