Portmon log for Paul (Part3)

I dont know if you need much more. I've only posted 335 of the almost
1300 entries, most are when connecting to google after this, but here is
a little more. I saved the rest and can send it later. AIOE only
allows so much data sent in a period of time too.

Here is about another hundred entries....

336 35.43910357 SUCCESS
346 0.00000000 SVCHOST.EXE IRP_MJ_READ PTSerial0 Length 3113
346 0.00001453 SUCCESS Length 288:

~!E..p.*....y.J.....u.5...\D+.0...........google. com...........
347 0.00000000 SVCHOST.EXE IOCTL_SERIAL_WAIT_ON_MASK PTSerial0
347 0.34124141 SUCCESS
348 0.00000000 SVCHOST.EXE IRP_MJ_READ PTSerial0 Length 2825
348 0.00001397 SUCCESS Length 96:
.......ns2...............ns4..........6.....

..........6....."....
349 0.00000000 SVCHOST.EXE IOCTL_SERIAL_WAIT_ON_MASK PTSerial0
350 0.00000000 SVCHOST.EXE IRP_MJ_WRITE PTSerial0 Length 54:
~!E..0.

@....]...uJ}].D...P........p. .P...........c.~
350 0.00909333 SUCCESS
351 0.00000000 SVCHOST.EXE IRP_MJ_WRITE PTSerial0 Length 54:

. .Q.............~
351 0.00675058 SUCCESS
349 0.40647149 SUCCESS
352 0.00000000 SVCHOST.EXE IRP_MJ_READ PTSerial0 Length 3113
352 0.00001509 SUCCESS Length 53:
!E..0)+..6.%SJ}].D...u.P..........p..........d......~
353 0.00000000 SVCHOST.EXE IRP_MJ_WRITE PTSerial0 Length 46:

. X.t....~
354 0.00000000 SVCHOST.EXE IOCTL_SERIAL_WAIT_ON_MASK PTSerial0
353 0.01296533 SUCCESS
355 0.00000000 SVCHOST.EXE IRP_MJ_WRITE PTSerial0 Length 431:
~-P...GET /

HTTP/1.1..Host: google.com..User-Agent: Mozilla/5.0
355 0.01312765 SUCCESS
354 0.26220372 SUCCESS
356 0.00000000 SVCHOST.EXE IRP_MJ_READ PTSerial0 Length 3113
356 0.00001201 SUCCESS Length 53:
!E..0b...6...J}].D...u.P..&.W_JN.(p...K......d....N.~
357 0.00000000 SVCHOST.EXE IRP_MJ_WRITE PTSerial0 Length 46:

`P. X.x..w.~
358 0.00000000 SVCHOST.EXE IOCTL_SERIAL_WAIT_ON_MASK PTSerial0
357 0.01304020 SUCCESS
358 0.30169896 SUCCESS
359 0.00000000 SVCHOST.EXE IRP_MJ_READ PTSerial0 Length 3113
359 0.00001369 SUCCESS Length 45:
/E..(),..6.%ZJ}].D...u.P..........P...:8..).~
360 0.00000000 SVCHOST.EXE IOCTL_SERIAL_WAIT_ON_MASK PTSerial0
360 0.34122856 SUCCESS
361 0.00000000 SVCHOST.EXE IRP_MJ_READ PTSerial0 Length 3113
361 0.00001760 SUCCESS Length 576: -..5HTTP/1.1 301 Moved
Permanently..Location:

http://www.google.
362 0.00000000 SVCHOST.EXE IOCTL_SERIAL_WAIT_ON_MASK PTSerial0
363 0.00000000 SVCHOST.EXE IRP_MJ_WRITE PTSerial0 Length 65:

~!E...5....o....u.J.....5.(6.k............www.google.com.......
363 0.00127949 SUCCESS
364 0.00000000 SVCHOST.EXE IRP_MJ_WRITE PTSerial0 Length 19:
~-n........9....!C~
364 0.00535599 SUCCESS
362 0.44597903 SUCCESS
365 0.00000000 SVCHOST.EXE IRP_MJ_READ PTSerial0 Length 3113
365 0.00001564 SUCCESS Length 285:

!E....u......J.....u.5.....k............www.google.com........
366 0.00000000 SVCHOST.EXE IOCTL_SERIAL_WAIT_ON_MASK PTSerial0
367 0.00000000 SVCHOST.EXE IRP_MJ_WRITE PTSerial0 Length 54:

. ...............~
367 0.01144475 SUCCESS
366 0.07856557 SUCCESS
368 0.00000000 SVCHOST.EXE IRP_MJ_READ PTSerial0 Length 3113
368 0.00001788 SUCCESS Length 614:
/E..a)...6.#.J}].D...u.P..........P....5..HTTP/1.1 301

Moved Per
369 0.00000000 SVCHOST.EXE IRP_MJ_WRITE PTSerial0 Length 46:

~
370 0.00000000 SVCHOST.EXE IOCTL_SERIAL_WAIT_ON_MASK PTSerial0
369 0.01273290 SUCCESS
371 0.00000000 SVCHOST.EXE IRP_MJ_WRITE PTSerial0 Length 54:

. ...............~
371 0.00259223 SUCCESS
370 0.32767712 SUCCESS
372 0.00000000 SVCHOST.EXE IRP_MJ_READ PTSerial0 Length 3113
372 0.00001481 SUCCESS Length 53:
!E..0....6...J}].R...u.P...V=...=.p...P......d....X.~
373 0.00000000 SVCHOST.EXE IRP_MJ_WRITE PTSerial0 Length 46:

. X....#(~
374 0.00000000 SVCHOST.EXE IOCTL_SERIAL_WAIT_ON_MASK PTSerial0
373 0.01299607 SUCCESS
375 0.00000000 SVCHOST.EXE IRP_MJ_WRITE PTSerial0 Length 435:
~-P..HGET /

HTTP/1.1..Host: www.google.com..User-Agent: Mozilla/
375 0.01307289 SUCCESS
374 0.24907495 SUCCESS
376 0.00000000 SVCHOST.EXE IRP_MJ_READ PTSerial0 Length 3113
376 0.00001397 SUCCESS Length 53:
!E..0\8..6..7J}].R...u.P...."I..p.p...bz.....d......~
377 0.00000000 SVCHOST.EXE IRP_MJ_WRITE PTSerial0 Length 46:

..."JP. X.+....~
378 0.00000000 SVCHOST.EXE IOCTL_SERIAL_WAIT_ON_MASK PTSerial0
377 0.01295332 SUCCESS
378 0.17047418 SUCCESS
379 0.00000000 SVCHOST.EXE IRP_MJ_READ PTSerial0 Length 3113
379 0.00001369 SUCCESS Length 46:
/E..(....6...J}].R...u.P...V=....P...}]R...s~
380 0.00000000 SVCHOST.EXE IOCTL_SERIAL_WAIT_ON_MASK PTSerial0
380 0.36735758 SUCCESS
381 0.00000000 SVCHOST.EXE IRP_MJ_READ PTSerial0 Length 3113
381 0.00002151 SUCCESS Length 1041: -.|.HTTP/1.1 302 Found..Location:

https://www.google.com/..Cache
382 0.00000000 SVCHOST.EXE IOCTL_SERIAL_WAIT_ON_MASK PTSerial0
383 0.00000000 SVCHOST.EXE IRP_MJ_WRITE PTSerial0 Length 54:

. .lp...........8~
383 0.01042199 SUCCESS
384 0.00000000 SVCHOST.EXE IRP_MJ_WRITE PTSerial0 Length 19:
~-n............._6~
384 0.00556747 SUCCESS
385 0.00000000 SVCHOST.EXE IRP_MJ_WRITE PTSerial0 Length 54:

. .t`..........u~
385 0.00757331 SUCCESS
382 0.48522787 SUCCESS
386 0.00000000 SVCHOST.EXE IRP_MJ_READ PTSerial0 Length 3113
386 0.00001453 SUCCESS Length 53:
!E..0)/..6.%AJ}].R...u......t.....p..........d.....B~
387 0.00000000 SVCHOST.EXE IRP_MJ_WRITE PTSerial0 Length 46:

. X6.....~
388 0.00000000 SVCHOST.EXE IOCTL_SERIAL_WAIT_ON_MASK PTSerial0
387 0.01319972 SUCCESS
389 0.00000000 SVCHOST.EXE IRP_MJ_WRITE PTSerial0 Length 181:

~-P..............S!s..4..A.L.....!..A.}]..8...I.'\..H...........
389 0.01285918 SUCCESS
388 0.05243264 SUCCESS
390 0.00000000 SVCHOST.EXE IRP_MJ_READ PTSerial0 Length 3113
390 0.00002151 SUCCESS Length 1079:
/E..2....6...J}].R...u.P...V=....P...|...HTTP/1.1

302 Found..Lo
391 0.00000000 SVCHOST.EXE IRP_MJ_WRITE PTSerial0 Length 46:

..../.~
392 0.00000000 SVCHOST.EXE IOCTL_SERIAL_WAIT_ON_MASK PTSerial0
391 0.01265580 SUCCESS
392 0.19632383 SUCCESS
393 0.00000000 SVCHOST.EXE IRP_MJ_READ PTSerial0 Length 3113
393 0.00001369 SUCCESS Length 53:
!E..0....6.:.J}].R...u.......V....p...8......d......~
394 0.00000000 SVCHOST.EXE IRP_MJ_WRITE PTSerial0 Length 46:

. X.Z....~
395 0.00000000 SVCHOST.EXE IOCTL_SERIAL_WAIT_ON_MASK PTSerial0
394 0.01298908 SUCCESS
396 0.00000000 SVCHOST.EXE IRP_MJ_WRITE PTSerial0 Length 180:

...........9
396 0.01314385 SUCCESS
395 0.24922357 SUCCESS
397 0.00000000 SVCHOST.EXE IRP_MJ_READ PTSerial0 Length 3113
397 0.00001453 SUCCESS Length 154:
/E..()0..6.%HJ}].R...u......t.....P.......2w~-

........g...c..S!
398 0.00000000 SVCHOST.EXE IOCTL_SERIAL_WAIT_ON_MASK PTSerial0
398 0.27554787 SUCCESS
399 0.00000000 SVCHOST.EXE IRP_MJ_READ PTSerial0 Length 3004
399 0.00002514 SUCCESS Length 1457:

/1.1..............z0..v0..^.......C..Q*...0...*.H.. ......0I1.0..
400 0.00000000 SVCHOST.EXE IOCTL_SERIAL_WAIT_ON_MASK PTSerial0
401 0.00000000 SVCHOST.EXE IRP_MJ_WRITE PTSerial0 Length 14:
~-l.0...d...!~
401 0.00991076 SUCCESS
400 0.22267160 SUCCESS
402 0.00000000 SVCHOST.EXE IRP_MJ_READ PTSerial0 Length 2943
402 0.00002319 SUCCESS Length 1240:

!.Z.a..2D..t.SOU...b...Y_......^.?.[H8.S.$........S..J..T.}]..ko
403 0.00000000 SVCHOST.EXE IOCTL_SERIAL_WAIT_ON_MASK PTSerial0
404 0.00000000 SVCHOST.EXE IRP_MJ_WRITE PTSerial0 Length 12:
~-D.+l..d.E~
404 0.00129989 SUCCESS
403 0.17051385 SUCCESS
405 0.00000000 SVCHOST.EXE IRP_MJ_READ PTSerial0 Length 3101
405 0.00002067 SUCCESS Length 863:

..9.^&+.=...2...(R.q..3=.8..6.b.y..0._.+.qk....... ...0..0...U.#..
406 0.00000000 SVCHOST.EXE IOCTL_SERIAL_WAIT_ON_MASK PTSerial0
406 0.00001341 SUCCESS
407 0.00000000 SVCHOST.EXE IRP_MJ_READ PTSerial0 Length 3087
407 0.00000391 SUCCESS Length 0:
408 0.00000000 SVCHOST.EXE IOCTL_SERIAL_WAIT_ON_MASK PTSerial0
409 0.00000000 SVCHOST.EXE IRP_MJ_WRITE PTSerial0 Length 174:

.....,...
409 0.00699419 SUCCESS
410 0.00000000 SVCHOST.EXE IRP_MJ_WRITE PTSerial0 Length 70:

~!E..A.|....oW...u.J.....5.-.Txb...........clients1.google.com..
410 0.00819322 SUCCESS
408 0.30147267 SUCCESS
411 0.00000000 SVCHOST.EXE IRP_MJ_READ PTSerial0 Length 3087
411 0.00002347 SUCCESS Length 1403:

...{.&.)*..P...3.....,6.....;..................#.. 3t.".spdy/4a4.s
412 0.00000000 SVCHOST.EXE IOCTL_SERIAL_WAIT_ON_MASK PTSerial0
413 0.00000000 SVCHOST.EXE IRP_MJ_WRITE PTSerial0 Length 14:
~-l..K..d....~
413 0.00551551 SUCCESS
412 0.31477939 SUCCESS
414 0.00000000 SVCHOST.EXE IRP_MJ_READ PTSerial0 Length 3080
414 0.00002430 SUCCESS Length 1375: 0...U....US1.0...U....Google
Inc1%0#..U....Google

Internet Auth
415 0.00000000 SVCHOST.EXE IOCTL_SERIAL_WAIT_ON_MASK PTSerial0
416 0.00000000 SVCHOST.EXE IRP_MJ_WRITE PTSerial0 Length 13:
~-D.....d}^.~
416 0.00996551 SUCCESS
415 0.19667891 SUCCESS
417 0.00000000 SVCHOST.EXE IRP_MJ_READ PTSerial0 Length 3103
417 0.00001956 SUCCESS Length 900:

6S.9.^&+.=...2...(R.q..3=.8..6.b.y..0._.+.qk...... ....0..0...U.#
418 0.00000000 SVCHOST.EXE IOCTL_SERIAL_WAIT_ON_MASK PTSerial0
419 0.00000000 SVCHOST.EXE IRP_MJ_WRITE PTSerial0 Length 176:

~-v..............F...BA.Y.....]..G..I.CZZ&..oR.I. .T.....W.5....
419 0.00846476 SUCCESS
418 0.17033673 SUCCESS
420 0.00000000 SVCHOST.EXE IRP_MJ_READ PTSerial0 Length 3006
420 0.00001760 SUCCESS Length 753: U.#..0...H.h.+....G.#

..O3....0...U.......z.h.....d..}].}]e...N0.
421 0.00000000 SVCHOST.EXE IRP_MJ_WRITE PTSerial0 Length 10:
~-o.*..~
422 0.00000000 SVCHOST.EXE IOCTL_SERIAL_WAIT_ON_MASK PTSerial0
421 0.01298852 SUCCESS
423 0.00000000 SVCHOST.EXE IRP_MJ_WRITE PTSerial0 Length 70:

~!E..A......gT...u.J.....5.-wdxb...........clients1.google.com..
423 0.01201829 SUCCESS
422 0.19679848 SUCCESS
424 0.00000000 SVCHOST.EXE IRP_MJ_READ PTSerial0 Length 3093
424 0.00002067 SUCCESS Length 870:

..u............P...k...9..6S.9.^&+.=...2...(R.q..3 =.8..6.b.y..0._
425 0.00000000 SVCHOST.EXE IRP_MJ_WRITE PTSerial0 Length 10:
~-o..I.$.~
426 0.00000000 SVCHOST.EXE IOCTL_SERIAL_WAIT_ON_MASK PTSerial0
425 0.01262758 SUCCESS
426 0.05228095 SUCCESS
427 0.00000000 SVCHOST.EXE IRP_MJ_READ PTSerial0 Length 3061
427 0.00001564 SUCCESS Length 405:

google.com..............%...clients.l...1......... .J}].F.1.....
428 0.00000000 SVCHOST.EXE IOCTL_SERIAL_WAIT_ON_MASK PTSerial0
429 0.00000000 SVCHOST.EXE IRP_MJ_WRITE PTSerial0 Length 54:

. ..n............~
429 0.01111398 SUCCESS
430 0.00000000 SVCHOST.EXE IRP_MJ_WRITE PTSerial0 Length 54:

. .............|G~
430 0.01307792 SUCCESS
428 0.05214909 SUCCESS
431 0.00000000 SVCHOST.EXE IRP_MJ_READ PTSerial0 Length 3073
431 0.00001453 SUCCESS Length 233:

......=..A..]8.k....].Y........,.J........b....]..z.q6&.qW...B..
432 0.00000000 SVCHOST.EXE IOCTL_SERIAL_WAIT_ON_MASK PTSerial0
432 0.01294159 SUCCESS
433 0.00000000 SVCHOST.EXE IRP_MJ_READ PTSerial0 Length 3098
433 0.00001341 SUCCESS Length 46:
......y7...C.2.T..9:..z.0R..\...5+.mbG......}^~
434 0.00000000 SVCHOST.EXE IRP_MJ_WRITE PTSerial0 Length 16:
~-f.*......'...~
435 0.00000000 SVCHOST.EXE IOCTL_SERIAL_WAIT_ON_MASK PTSerial0
434 0.01263848 SUCCESS
435 0.07823061 SUCCESS
436 0.00000000 SVCHOST.EXE IRP_MJ_READ PTSerial0 Length 3113
436 0.00001453 SUCCESS Length 320:

-^.....b.....................5....s.=.......^...5.. V..z.V...}^..
437 0.00000000 SVCHOST.EXE IRP_MJ_WRITE PTSerial0 Length 16:
~-f..I.....'.`t~
438 0.00000000 SVCHOST.EXE IOCTL_SERIAL_WAIT_ON_MASK PTSerial0
438 0.00001313 SUCCESS
439 0.00000000 SVCHOST.EXE IRP_MJ_READ PTSerial0 Length 3113
439 0.00000447 SUCCESS Length 0:
440 0.00000000 SVCHOST.EXE IOCTL_SERIAL_WAIT_ON_MASK PTSerial0
437 0.01295472 SUCCESS
441 0.00000000 SVCHOST.EXE IRP_MJ_WRITE PTSerial0 Length 54:

. .y...........|d~
441 0.00643601 SUCCESS
442 0.00000000 SVCHOST.EXE IRP_MJ_WRITE PTSerial0 Length 54:

. .sB............~
440 0.13110270 SUCCESS
443 0.00000000 SVCHOST.EXE IRP_MJ_READ PTSerial0 Length 3113
443 0.00001481 SUCCESS Length 417:

!E...z..../..J.....u.5...}]d.xb...........clients1.google.com..
444 0.00000000 SVCHOST.EXE IOCTL_SERIAL_WAIT_ON_MASK PTSerial0