MONITORED APPLICATION
    Cain & Abel
NOTES
MONITORED ON
    11/17/2006 12:57:01 PM
MONITORED APPLICATION PATH
    "C:\Documents and Settings\DCoT\Desktop\ca_setup.exe"
PRE-INSTALL SNAPSHOT NAME
    Nov17, 2006
POST-INSTALL SNAPSHOT NAME
    Cain & Abel
COMPARE PROFILE NAME
    All

DETECTED CHANGES
    FILE SYSTEM
        Folders created : 6
        Folders deleted : 0
        Files created : 25
        Files deleted : 0
        Files modified : 10
    REGISTRY
        Keys created : 5
        Keys deleted : 0
        Values created : 4
        Values deleted : 0
        Values modified : 4

LOG FILE NAME
    C:\Documents and Settings\DCoT\Local Settings\Application Data\Martau\Total Uninstall 3\MonitoredApps\Cain & Abel.tun

FILE SYSTEM DETAILS [View: All Details] (All)
---------------------------------------------
(+)(FOLDER) C:\Documents and Settings\All Users\Start Menu\Programs\WinPcap
    (+)(FILE) Uninstall WinPcap 4.0 beta 2.lnk = 11/17/2006 12:56 PM, 680 bytes
    (+)(FILE) WinPcap Web Site.url = 11/17/2006 12:56 PM, 49 bytes
(FOLDER) C:\Documents and Settings\DCoT\Desktop
    (+)(FILE) Cain.lnk = 11/17/2006 12:56 PM, 1486 bytes
(+)(FOLDER) C:\Documents and Settings\DCoT\Start Menu\Programs\Cain
    (+)(FILE) CA_UserManual.lnk = 11/17/2006 12:56 PM, 687 bytes
    (+)(FILE) Cain.lnk = 11/17/2006 12:56 PM, 1498 bytes
    (+)(FILE) Uninstall Cain.lnk = 11/17/2006 12:56 PM, 1550 bytes
    (+)(FILE) Whatsnew.lnk = 11/17/2006 12:56 PM, 1538 bytes
    (+)(FILE) Winrtgen.lnk = 11/17/2006 12:56 PM, 1665 bytes
(+)(FOLDER) C:\Program Files\Cain
    (+)(FILE) Abel.dll.sig = 11/12/2006 11:50 PM, 66 bytes
    (+)(FILE) Abel.dll = 11/12/2006 11:48 PM, 28672 bytes
    (+)(FILE) Abel.exe.sig = 11/12/2006 11:50 PM, 66 bytes
    (+)(FILE) Abel.exe = 11/12/2006 11:49 PM, 27648 bytes
    (+)(FILE) CA_UserManual.chm = 10/27/2006 12:19 AM, 3221228 bytes
    (+)(FILE) Cain.exe.sig = 11/12/2006 11:50 PM, 66 bytes
    (+)(FILE) Cain.exe = 11/12/2006 11:49 PM, 951808 bytes
    (+)(FILE) Install.log = 11/17/2006 12:56 PM, 2085 bytes
    (+)(FILE) oui.txt = 9/7/2006 1:04 AM, 421849 bytes
    (+)(FILE) UNINSTAL.EXE = 5/27/1997 4:04 PM, 108544 bytes
    (+)(FILE) Whatsnew.txt = 11/12/2006 11:48 PM, 47444 bytes
(+)(FOLDER) C:\Program Files\Cain\Driver
    (+)(FILE) WinPcap_4_0_beta2.exe = 10/27/2006 12:16 AM, 504725 bytes
(+)(FOLDER) C:\Program Files\Cain\Winrtgen
    (+)(FILE) charset.txt = 5/4/2005 12:24 AM, 2225 bytes
    (+)(FILE) Winrtgen.exe.sig = 11/9/2006 1:06 AM, 66 bytes
    (+)(FILE) Winrtgen.exe = 11/9/2006 12:41 AM, 188928 bytes
(+)(FOLDER) C:\Program Files\Cain\Wordlists
    (+)(FILE) Wordlist.txt = 10/28/2005 8:47 PM, 3456292 bytes
(FOLDER) C:\WINDOWS
    (*)(FILE) setupapi.log 11/6/2006 10:55 AM, 182830 bytes ==> 11/17/2006 12:56 PM, 183870 bytes
(FOLDER) C:\WINDOWS\system32
    (*)(FILE) Packet.dll 8/2/2005 3:08 PM, 81920 bytes ==> 10/17/2006 12:15 PM, 81920 bytes
    (*)(FILE) pthreadVC.dll 8/2/2005 3:24 PM, 53299 bytes ==> 10/17/2006 12:19 PM, 53299 bytes
    (*)(FILE) WanPacket.dll 8/2/2005 3:08 PM, 61440 bytes ==> 10/17/2006 12:14 PM, 61440 bytes
    (*)(FILE) wpcap.dll 8/2/2005 3:18 PM, 233472 bytes ==> 10/17/2006 12:16 PM, 233472 bytes
(FOLDER) C:\WINDOWS\system32\CatRoot2
    (*)(FILE) edb.log 11/17/2006 3:08 AM, 131072 bytes ==> 11/17/2006 12:56 PM, 131072 bytes
    (+)(FILE) tmp.edb = 11/17/2006 12:56 PM, 1056768 bytes
(FOLDER) C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}
    (*)(FILE) catdb 11/17/2006 3:05 AM, 3153920 bytes ==> 11/17/2006 12:56 PM, 3153920 bytes
(FOLDER) C:\WINDOWS\system32\config
    (*)(FILE) software.LOG 11/17/2006 12:51 PM, 1024 bytes ==> 11/17/2006 12:56 PM, 1024 bytes
    (*)(FILE) system.LOG 11/17/2006 11:32 AM, 1024 bytes ==> 11/17/2006 12:56 PM, 1024 bytes
(FOLDER) C:\WINDOWS\system32\drivers
    (*)(FILE) npf.sys 8/2/2005 3:10 PM, 32512 bytes ==> 10/17/2006 12:09 PM, 35072 bytes

REGISTRY DETAILS [View: All Details] (All)
------------------------------------------
(+)(REG KEY) HKEY_CURRENT_USER\Software\Cain
(+)(REG KEY) HKEY_CURRENT_USER\Software\Cain\Settings
    (+)(REG VAL) WorkDir = REG_SZ, "C:\Program Files\Cain"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Cain & Abel v3.8
    (+)(REG VAL) DisplayName = REG_SZ, "Cain & Abel v3.8"
    (+)(REG VAL) UninstallString = REG_SZ, "C:\PROGRA~1\Cain\UNINSTAL.EXE C:\PROGRA~1\Cain\Install.log"
(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinPcapInst
    (*)(REG VAL) DisplayName REG_SZ, "WinPcap 3.1" ==> REG_SZ, "WinPcap 4.0 beta 2"
    (*)(REG VAL) DisplayVersion REG_SZ, "3.1.0.27" ==> REG_SZ, "4.0.0.655"
    (*)(REG VAL) VersionMajor REG_SZ, "3" ==> REG_SZ, "4"
    (*)(REG VAL) VersionMinor REG_SZ, "1" ==> REG_SZ, "0"
(+)(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{8ECC055D-047F-11D1-A537-0000F8753ED1}\0000
(+)(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Deleted Device IDs
(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NPF\0000
    (+)(REG VAL) Driver = REG_SZ, "{8ECC055D-047F-11D1-A537-0000F8753ED1}\0000"