Upon returning from Japan, my SurfacePro,  semmed to be doing some funny things . I decided to videotape it with a camera this time…. 

 I was finally able to get procmon to produce reliable output, but only after removing their prefetch patches, and removing these two odd registry entries:

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications

So then I sat there for six hours until 3 a.m. (it wasn't that bad, I was kinda jet lagged) and painstakingly (annoyingly) took pictures of procmon output page by page. I apologize for the annoying output format, but after wading through my last attempt to upload and post monitoring output from procmon, forensic data extraction from these potentially infecgted boxes is a PITA. I thought I should take advantageof the analog optical output loophole to finally evade all the messing with procmon save files and other output. 

P.s. In case you are wondering what the pair of eyeballs is at the top of all the stills, I use little stuffed OmNoms (CutTheRope) as quickly removable camera covers on some computers around here. It makes me giggle....
Animated PhotoPhotoPhotoPhotoPhoto
#badBIOS reinstalls
672 Photos - View album
Shared publiclyView activity