
G-O-I-N-G-O-N-E-A-R-T-H Redirection malware



#1 Dowser


Posted 30 March 2011 - 09:58 AM

Hi

I seem to have acquired the same G-O-I-N-G-O-N-E-A-R-T-H Redirection malware as Brendan1241 had in this thread: http://www.bleepingcomputer.com/forums/topic333981.html and I really hope that you guys and girls will be able to help me too. It really is very frustrating.

Every link I follow from a Google search is redirected. For example, if I search "TEST" and then click on one of the links provided by Google, the first thing to appear in the search bar is this address: hxxp://www.ognrheangoti.com/search.php?q=test&n=1301496536.

I am then redirected to a random page, sometimes even Facebook, but usually the page is blocked by Malwarebytes.

At the time of getting the virus I was running IE8 and Firefox 3.6.10. Both are affected by the same issue. I have since installed Google Chrome but it does not experience the problem.

I also had the latest Avast and Malwarebytes running, neither of which is finding any infection when run.

The minute I noticed that I had the virus I tried to roll back to a restore point but restore points had been switched off without my knowledge.

I have posted a DDS log and a HijackThis log file run about two minutes ago, and below that is another report, but I don't know the source. A friend of mine created it last night when he was having a look at my machine.

Any help will be appreciated:

I'm running Win7 64bit so I didn't complete the GMER scan.

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Andrew at 16:05:09.98 on 30/03/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4026.2377 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\WUDFHost.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Andrew\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Page =
uSearch Bar =
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "C:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
mRun: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Corel File Shell Monitor] c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
mRun: [Standby] "c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.tescophoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
mRun-x64: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
mRun-x64: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
mRun-x64: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\c9ynuxfk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nphssb.dll
FF - plugin: C:\Users\Andrew\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Live HTTP Headers: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} - %profile%\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-9-23 55024]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-4-15 273488]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-2 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-2 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-2 60464]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-4-15 62032]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-1-31 40384]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-11-3 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-23 363344]
R2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-9-10 305448]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-18 144640]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-11-3 58880]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-4-17 24152]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-11-3 225280]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
S2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-4-15 20048]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-24 136176]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2010-6-10 16776]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2010-6-10 9096]
S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2010-8-12 11776]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-5-20 36720]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-18 50432]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-5 1255736]
S3 ZTEusbnet;ZTE USB-NDIS miniport;C:\Windows\System32\drivers\ZTEusbnet.sys [2010-8-12 135168]
S4 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-11-3 240160]
.
=============== Created Last 30 ================
.
2011-03-30 08:55:05 -------- d-----w- C:\Users\Andrew\AppData\Local\{DF0908E2-DD52-4A19-A7D2-3CA5F10D8929}
2011-03-29 19:55:54 -------- d-----w- C:\Users\Andrew\AppData\Local\{8342B25E-DBC7-4754-AC6C-09DC295500DA}
2011-03-29 17:39:23 388096 ----a-r- C:\Users\Andrew\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-29 17:39:23 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-03-29 07:55:14 -------- d-----w- C:\Users\Andrew\AppData\Local\{E42B81FB-FABB-4BC8-A60C-E559ED8F10FE}
2011-03-28 19:54:34 -------- d-----w- C:\Users\Andrew\AppData\Local\{B01A1EB6-123D-45F9-A314-3E761903F1C8}
2011-03-28 07:53:35 -------- d-----w- C:\Users\Andrew\AppData\Local\{E9C5790C-562B-4016-9226-0EBDAFBC753B}
2011-03-27 18:58:33 -------- d-----w- C:\Users\Andrew\AppData\Local\{F062796B-34DD-40DB-8BE5-6384130A129C}
2011-03-27 06:57:31 -------- d-----w- C:\Users\Andrew\AppData\Local\{9AFAB6B2-8CA7-4993-B4CB-1B5228D04EE0}
2011-03-26 16:36:42 -------- d-----w- C:\Users\Andrew\AppData\Local\{DB61634B-3B8F-4530-AEA7-C59A95F1E8C6}
2011-03-26 07:49:50 -------- d-----w- C:\Users\Andrew\AppData\Local\{7FD3AD50-B30F-4C84-8FC7-EB764B8FFC0F}
2011-03-25 14:35:46 -------- d-----w- C:\Users\Andrew\AppData\Local\{D34F3CF8-5104-4786-AD8E-ABB062589905}
2011-03-24 22:00:02 -------- d-----w- C:\Users\Andrew\AppData\Local\{57769604-CD2B-4E71-987A-51354C84EFC6}
2011-03-24 21:45:58 -------- d-----w- C:\Users\Andrew\AppData\Local\{7B48EC69-117B-400C-BF1F-677B2F5CE5E7}
2011-03-24 08:36:29 -------- d-----w- C:\Users\Andrew\AppData\Local\{C7E1A4D1-40DD-4973-AA90-1EF05E85B637}
2011-03-23 12:22:34 -------- d-----w- C:\Users\Andrew\AppData\Local\{D9E6AA56-8302-41E0-B2AF-719936220DF2}
2011-03-22 18:57:50 -------- d-----w- C:\Users\Andrew\AppData\Local\{5FBB3493-D800-409B-8DCC-D0F67726BDA8}
2011-03-22 06:56:55 -------- d-----w- C:\Users\Andrew\AppData\Local\{B0DAD44B-F2B2-428C-8663-3A30776B99E7}
2011-03-21 11:21:24 -------- d-----w- C:\Users\Andrew\AppData\Local\{6181906E-11CD-4B7C-894D-A7F26D46B8D7}
2011-03-20 22:35:44 -------- d-----w- C:\Users\Andrew\AppData\Local\{2AE8ADA1-97CE-4BBC-A3F8-BB79DC35990A}
2011-03-20 10:35:08 -------- d-----w- C:\Users\Andrew\AppData\Local\{16E0A9BA-2A12-4B57-82D5-9D9777EF4938}
2011-03-20 08:52:28 -------- d-----w- C:\Users\Andrew\AppData\Local\{42E19747-6584-4CEE-8225-5A35E2490880}
2011-03-19 20:51:54 -------- d-----w- C:\Users\Andrew\AppData\Local\{393EA1B7-5A7C-4E26-8FC9-CED983E6D79B}
2011-03-19 09:21:23 -------- d-----w- C:\Program Files\iTunes
2011-03-19 09:21:23 -------- d-----w- C:\Program Files\iPod
2011-03-19 09:12:16 -------- d-----w- C:\Program Files\Bonjour
2011-03-19 08:51:02 -------- d-----w- C:\Users\Andrew\AppData\Local\{02B34892-831B-4B59-99CB-B015762D06DC}
2011-03-18 10:22:36 -------- d-----w- C:\Program Files (x86)\CardRecovery
2011-03-17 23:12:23 -------- d-----w- C:\Users\Andrew\AppData\Local\{11AC1DC8-AA94-469B-BC13-0438F866C43B}
2011-03-17 10:32:30 -------- d-----w- C:\Users\Andrew\AppData\Local\{77A0DDFC-FF06-479B-9A32-4C3AE5A91CD6}
2011-03-16 22:31:59 -------- d-----w- C:\Users\Andrew\AppData\Local\{1655F423-2DFC-41F9-8515-8BBB62AEA098}
2011-03-16 10:31:29 -------- d-----w- C:\Users\Andrew\AppData\Local\{DEE91FE8-607D-4FC6-80F6-07FBFF15910A}
2011-03-15 22:30:49 -------- d-----w- C:\Users\Andrew\AppData\Local\{2AC2E0B9-A668-4601-9B68-6AA731081A81}
2011-03-15 22:21:30 -------- d-----w- C:\Users\Andrew\AppData\Local\{A5A1234B-36C9-465B-9F0F-E2F641AFDD60}
2011-03-14 21:33:36 -------- d-----w- C:\Users\Andrew\AppData\Local\{00CF0439-A621-4D47-B6D5-1CA1C72B533C}
2011-03-14 11:03:34 -------- d-----w- C:\Users\Andrew\AppData\Local\{22E5D9A2-0FA1-4696-9347-8CE23A1C2694}
2011-03-13 19:17:48 -------- d-----w- C:\Users\Andrew\AppData\Local\{9B3389A6-AC53-478F-802A-62B156CFF7EB}
2011-03-13 15:30:15 -------- d-----w- C:\Users\Andrew\AppData\Local\{ED9447CC-89D7-45AE-9AB3-9DFDCB0BB0C8}
2011-03-13 15:05:30 -------- d-----w- C:\Users\Andrew\AppData\Local\{5E84A8EA-F935-4889-B21D-DA9F8AFA8945}
2011-03-12 11:28:40 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-03-12 11:28:40 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-03-12 11:23:08 -------- d-----w- C:\Users\Andrew\AppData\Local\{2A9C7A3F-1F71-4DCD-A97B-A6ED84FBB4F7}
2011-03-12 11:04:03 -------- d-----w- C:\Users\Andrew\AppData\Local\{84A35BF3-C58C-4D99-B7EE-BA1E6C85B861}
2011-03-11 17:33:00 -------- d-----w- C:\Users\Andrew\AppData\Local\{1302E2ED-F6B7-42D1-A3C6-A834E3BA769F}
2011-03-10 23:29:01 -------- d-----w- C:\Users\Andrew\AppData\Local\{2266548E-032D-4AE3-B400-9C430F384921}
2011-03-10 11:27:41 -------- d-----w- C:\Users\Andrew\AppData\Local\{9373440F-29E0-424F-9D5D-B39832573BA7}
2011-03-10 11:24:29 -------- d-----w- C:\Users\Andrew\AppData\Local\{5EC07DE6-1695-4C97-BE46-63F84ED13262}
2011-03-09 22:48:23 -------- d-----w- C:\Users\Andrew\AppData\Local\{46AF9F92-45D1-4CA9-B7EB-26463066624B}
2011-03-09 12:45:19 1135104 ----a-w- C:\Windows\System32\FntCache.dll
2011-03-09 12:45:17 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-03-09 12:45:16 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-03-09 12:45:16 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-03-09 12:45:16 1540608 ----a-w- C:\Windows\System32\DWrite.dll
2011-03-09 12:44:46 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2011-03-09 12:44:46 723968 ----a-w- C:\Windows\System32\EncDec.dll
2011-03-09 12:44:45 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2011-03-09 12:44:45 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-03-09 12:44:45 1118720 ----a-w- C:\Windows\System32\sbe.dll
2011-03-09 12:44:44 850432 ----a-w- C:\Windows\SysWow64\sbe.dll
2011-03-09 12:44:44 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2011-03-09 12:44:44 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2011-03-09 12:43:31 3138048 ----a-w- C:\Windows\System32\mstscax.dll
2011-03-09 12:43:31 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll
2011-03-09 12:43:30 1097216 ----a-w- C:\Windows\System32\mstsc.exe
2011-03-09 12:43:30 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe
2011-03-09 10:47:33 -------- d-----w- C:\Users\Andrew\AppData\Local\{4188C6E4-B807-4E60-A6CE-CDE5DBF1A84B}
2011-03-08 22:38:59 -------- d-----w- C:\Users\Andrew\AppData\Local\{87D7299D-888B-47C6-92FA-ED29B157F65E}
2011-03-08 10:37:51 -------- d-----w- C:\Users\Andrew\AppData\Local\{1F468CF2-CFCC-4A7A-9EFC-32D1227CDCBA}
2011-03-08 10:03:51 -------- d-----w- C:\Users\Andrew\AppData\Local\{6D62B92D-5CF4-4C3A-8569-7901D57311DE}
2011-03-07 22:50:04 143360 --sha-r- C:\Windows\SysWow64\eappcfgl.dll
2011-03-07 13:18:11 -------- d-----w- C:\Users\Andrew\AppData\Local\{3C6A89CB-DE92-4C60-B225-5FC76A0B998B}
2011-03-06 13:04:05 -------- d-----w- C:\Users\Andrew\AppData\Local\{5F21F452-A11D-435B-8D78-6FC16E39B1DA}
2011-03-06 12:58:39 -------- d-----w- C:\Users\Andrew\AppData\Local\{6D75B8DC-FCE6-4AA7-9CD3-F0086F93E4F8}
2011-03-05 22:36:54 -------- d-----w- C:\Users\Andrew\AppData\Local\{5AF69D89-C0E3-4A83-B16C-736A30FC6BF5}
2011-03-05 10:36:23 -------- d-----w- C:\Users\Andrew\AppData\Local\{EB5D2BFB-E2B4-40B1-A766-4ABCD3048B07}
2011-03-05 02:02:51 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{3081140A-8FAB-497D-B392-F73D4E3E22D1}\mpengine.dll
2011-03-04 22:35:14 -------- d-----w- C:\Users\Andrew\AppData\Local\{C8BC4AD5-AE76-4B01-8E66-FE131BC37D30}
2011-03-04 08:59:31 -------- d-----w- C:\Users\Andrew\AppData\Local\{AF6B0419-66ED-4621-82A6-B0184EC34E46}
2011-03-03 16:09:36 -------- d-----w- C:\Users\Andrew\AppData\Local\{904D3887-992E-4655-B9E7-660E08A1CE62}
2011-03-03 16:05:11 -------- d-----w- C:\Users\Andrew\AppData\Local\{E53FC095-7AA9-4010-8958-88103BABB92F}
2011-03-03 15:54:40 -------- d-----w- C:\Users\Andrew\AppData\Local\{0F60E262-6E32-4CEF-A569-383CE0D7ABD7}
2011-03-03 11:16:30 -------- d-----w- C:\Users\Andrew\AppData\Local\{92678CA3-7269-4645-88D9-F88013734EC1}
2011-03-03 11:13:24 -------- d-----w- C:\Users\Andrew\AppData\Local\{9513FDDB-C1FE-4F16-A47B-D592109D0248}
2011-03-02 22:56:23 -------- d-----w- C:\Users\Andrew\AppData\Local\{67FD3A5B-F2AD-4069-8284-252F81848DE9}
2011-03-02 10:55:57 -------- d-----w- C:\Users\Andrew\AppData\Local\{64DA7E7E-EED8-4A6C-8E7E-7810909BCE7E}
2011-03-01 22:03:27 -------- d-----w- C:\Users\Andrew\AppData\Local\{4B8F43AF-62FA-4561-A350-886249EBFCA6}
2011-03-01 10:02:37 -------- d-----w- C:\Users\Andrew\AppData\Local\{E2FA3683-54B7-4C8F-A725-BA38301C4255}
2011-02-28 22:06:05 -------- d-----w- C:\Users\Andrew\AppData\Local\{8C72B306-0C66-49CC-A83B-463E10BF6E84}
.
==================== Find3M ====================
.
2011-03-28 18:09:30 5642 --sha-w- C:\PROGRA~3\KGyGaAvL.sys
2011-02-18 16:36:58 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2011-02-18 16:36:58 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll
2011-02-02 21:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-02-02 17:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
2011-01-13 08:47:35 38848 ----a-w- C:\Windows\avastSS.scr
2011-01-13 08:37:23 62032 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-01-07 08:07:24 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-01-07 08:07:24 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 07:31:10 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-01-07 07:31:10 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 16:06:11.65 ===============



------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:42:21, on 30/03/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Corel File Shell Monitor] c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
O4 - HKLM\..\Run: [Standby] "c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://www.tescophoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10461 bytes


-----------------------------------------------------------------------------------------------------------------------

Another log created by a friend of mine looks like this:


hxxp://www.google.co.uk/url?sa=T&source=web&cd=1&ved=0CBoQFjAA&url=http%3A%2F%2Fotvet.mail.ru%2Fquestion%2F35586319%2F&ei=TxuSTaGYEZCzhAfrx_CYDw

GET /url?sa=T&source=web&cd=1&ved=0CBoQFjAA&url=http%3A%2F%2Fotvet.mail.ru%2Fquestion%2F35586319%2F&ei=TxuSTaGYEZCzhAfrx_CYDw HTTP/1.1
Host: www.google.co.uk
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://www.google.co.uk/search?q=kjhbdfk&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-GB:official&client=firefox-a
Cookie: PREF=ID=45e2006b59bb8df1:U=29ee2222d73fc83f:FF=0:TM=1301418947:LM=1301419071:S=SOyDwSVL5DlVvhuW; NID=45=rC10KHxuWnTitDHE14H3MoYOCKvahDmThe9Hso1OjKW_KoO5eJ-Mn5_6B6NFi-Wvyv7jrwspjyiPFgEGGlCN2smva-D5OYRjqMrbu2pbVh6FEB6lYfUsr51qUgEZIc-9

HTTP/1.1 204 No Content
Date: Tue, 29 Mar 2011 17:48:08 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=UTF-8
Server: gws
Content-Length: 0
X-XSS-Protection: 1; mode=block
----------------------------------------------------------
hxxp://otvet.mail.ru/question/35586319/

GET /question/35586319/ HTTP/1.1
Host: otvet.mail.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://www.google.co.uk/search?q=kjhbdfk&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-GB:official&client=firefox-a

HTTP/1.1 302 Moved Temporarily
Location: hxxp://www.goingonearth.com/search.php?q=kjhbdfk&n=1301420882
Connection: close
Cache-Control: no-cache
----------------------------------------------------------
hxxp://www.goingonearth.com/search.php?q=kjhbdfk&n=1301420882

GET /search.php?q=kjhbdfk&n=1301420882 HTTP/1.1
Host: www.goingonearth.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://www.google.co.uk/search?q=kjhbdfk&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-GB:official&client=firefox-a
Cookie: F8291210=1

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 2661
Connection: close
----------------------------------------------------------
hxxp://64.111.211.161/c.php?s=eNot0ktzokAUBeAfRJXpN_TCBRjUECUqishmqpumVYTgAxWo_vExM1O36pzNtzu3MJBj236lmT-HQwMGACDM_zUxCEAIMOIQE5tyI9C53lWrSvxSBQXlObUpRorbOVTaoS-fOZpQhin-k6scUkGltrWDbCwolLZmucMyIQhi3CBmkMnDevxUzX1fuK4bjvQ2efqHaLJpozbz5h-uWC13j3F8v8a9EOn0Ai0n699PfZqeYBRccnDegILn7w0NNwBU1qn8vndhd5tMJ-dJph_5cQ2fi4maFTh_uEzU9XRRrIv65JaNYN5m6wZLdiizbTIO5H6c2PM0vlzazfHWVn3EOSLjKRc3upsWYqF8ptZn5S2-LNWMU7buxOU9QvoQNNd9c1Dxyi-XMqroWbYZnnvnwgZduAxTJ1Qb6q4tVLMG2uU9a8Mv-oj72wpfuzXgxJrvQ73_ZvzLL9t0WgWu1yXd0TqUz2Df4OpowSMZBe4bO7UzesI3r4vaqPkkn_M1leWlfkYr_5Nj6G681K2twh35gHZxX4gRbFPZEJyA6_gjTPu4I2U9exvt-2TltLcbUF0gT_YsOrxVU-5yOlGNPzQOG0BngAaQQWMYGUAOBxDRAcTYAPNaTmGFZ1V62KH4KBG_zqrwIZe_T_T3DP4v1ENs6bdEtNwlARAjWkgEhkYzjlAmmCAOzbHDMCOCQKmpDaDDhDbsxZjkGeOOzHSWSyIUcjAU2FZKI_0D6UTdsg

POST /c.php?s=eNot0ktzokAUBeAfRJXpN_TCBRjUECUqishmqpumVYTgAxWo_vExM1O36pzNtzu3MJBj236lmT-HQwMGACDM_zUxCEAIMOIQE5tyI9C53lWrSvxSBQXlObUpRorbOVTaoS-fOZpQhin-k6scUkGltrWDbCwolLZmucMyIQhi3CBmkMnDevxUzX1fuK4bjvQ2efqHaLJpozbz5h-uWC13j3F8v8a9EOn0Ai0n699PfZqeYBRccnDegILn7w0NNwBU1qn8vndhd5tMJ-dJph_5cQ2fi4maFTh_uEzU9XRRrIv65JaNYN5m6wZLdiizbTIO5H6c2PM0vlzazfHWVn3EOSLjKRc3upsWYqF8ptZn5S2-LNWMU7buxOU9QvoQNNd9c1Dxyi-XMqroWbYZnnvnwgZduAxTJ1Qb6q4tVLMG2uU9a8Mv-oj72wpfuzXgxJrvQ73_ZvzLL9t0WgWu1yXd0TqUz2Df4OpowSMZBe4bO7UzesI3r4vaqPkkn_M1leWlfkYr_5Nj6G681K2twh35gHZxX4gRbFPZEJyA6_gjTPu4I2U9exvt-2TltLcbUF0gT_YsOrxVU-5yOlGNPzQOG0BngAaQQWMYGUAOBxDRAcTYAPNaTmGFZ1V62KH4KBG_zqrwIZe_T_T3DP4v1ENs6bdEtNwlARAjWkgEhkYzjlAmmCAOzbHDMCOCQKmpDaDDhDbsxZjkGeOOzHSWSyIUcjAU2FZKI_0D6UTdsg HTTP/1.1
Host: 64.111.211.161
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://www.goingonearth.com/search.php?q=kjhbdfk&n=1301420882
Cookie: uid=b0467d3e94d19d9181864e166fefd75c
Content-Type: application/x-www-form-urlencoded
Content-Length: 0

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.7.65
Date: Tue, 29 Mar 2011 17:48:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Location: hxxp://64.111.211.155/c.php?re=1&r=eNot0ktzokAUBeAfRJXpN_TCBRjUECUqishmqpumVYTgAxWo_vExM1O36pzNtzu3MJBj236lmT-HQwMGACDM_zUxCEAIMOIQE5tyI9C53lWrSvxSBQXlObUpRorbOVTaoS-fOZpQhin-k6scUkGltrWDbCwolLZmucMyIQhi3CBmkMnDevxUzX1fuK4bjvQ2efqHaLJpozbz5h-uWC13j3F8v8a9EOn0Ai0n699PfZqeYBRccnDegILn7w0NNwBU1qn8vndhd5tMJ-dJph_5cQ2fi4maFTh_uEzU9XRRrIv65JaNYN5m6wZLdiizbTIO5H6c2PM0vlzazfHWVn3EOSLjKRc3upsWYqF8ptZn5S2-LNWMU7buxOU9QvoQNNd9c1Dxyi-XMqroWbYZnnvnwgZduAxTJ1Qb6q4tVLMG2uU9a8Mv-oj72wpfuzXgxJrvQ73_ZvzLL9t0WgWu1yXd0TqUz2Df4OpowSMZBe4bO7UzesI3r4vaqPkkn_M1leWlfkYr_5Nj6G681K2twh35gHZxX4gRbFPZEJyA6_gjTPu4I2U9exvt-2TltLcbUF0gT_YsOrxVU-5yOlGNPzQOG0BngAaQQWMYGUAOBxDRAcTYAPNaTmGFZ1V62KH4KBG_zqrwIZe_T_T3DP4v1ENs6bdEtNwlARAjWkgEhkYzjlAmmCAOzbHDMCOCQKmpDaDDhDbsxZjkGeOOzHSWSyIUcjAU2FZKI_0D6UTdsg&u=7492508ca732052044b44c25f4e61a2f&cid=b0467d3e94d19d9181864e166fefd75c&rc=0&pa=&ref1=&ref2=
----------------------------------------------------------
hxxp://64.111.211.155/c.php?re=1&r=eNot0ktzokAUBeAfRJXpN_TCBRjUECUqishmqpumVYTgAxWo_vExM1O36pzNtzu3MJBj236lmT-HQwMGACDM_zUxCEAIMOIQE5tyI9C53lWrSvxSBQXlObUpRorbOVTaoS-fOZpQhin-k6scUkGltrWDbCwolLZmucMyIQhi3CBmkMnDevxUzX1fuK4bjvQ2efqHaLJpozbz5h-uWC13j3F8v8a9EOn0Ai0n699PfZqeYBRccnDegILn7w0NNwBU1qn8vndhd5tMJ-dJph_5cQ2fi4maFTh_uEzU9XRRrIv65JaNYN5m6wZLdiizbTIO5H6c2PM0vlzazfHWVn3EOSLjKRc3upsWYqF8ptZn5S2-LNWMU7buxOU9QvoQNNd9c1Dxyi-XMqroWbYZnnvnwgZduAxTJ1Qb6q4tVLMG2uU9a8Mv-oj72wpfuzXgxJrvQ73_ZvzLL9t0WgWu1yXd0TqUz2Df4OpowSMZBe4bO7UzesI3r4vaqPkkn_M1leWlfkYr_5Nj6G681K2twh35gHZxX4gRbFPZEJyA6_gjTPu4I2U9exvt-2TltLcbUF0gT_YsOrxVU-5yOlGNPzQOG0BngAaQQWMYGUAOBxDRAcTYAPNaTmGFZ1V62KH4KBG_zqrwIZe_T_T3DP4v1ENs6bdEtNwlARAjWkgEhkYzjlAmmCAOzbHDMCOCQKmpDaDDhDbsxZjkGeOOzHSWSyIUcjAU2FZKI_0D6UTdsg&u=7492508ca732052044b44c25f4e61a2f&cid=b0467d3e94d19d9181864e166fefd75c&rc=0&pa=&ref1=&ref2=

GET /c.php?re=1&r=eNot0ktzokAUBeAfRJXpN_TCBRjUECUqishmqpumVYTgAxWo_vExM1O36pzNtzu3MJBj236lmT-HQwMGACDM_zUxCEAIMOIQE5tyI9C53lWrSvxSBQXlObUpRorbOVTaoS-fOZpQhin-k6scUkGltrWDbCwolLZmucMyIQhi3CBmkMnDevxUzX1fuK4bjvQ2efqHaLJpozbz5h-uWC13j3F8v8a9EOn0Ai0n699PfZqeYBRccnDegILn7w0NNwBU1qn8vndhd5tMJ-dJph_5cQ2fi4maFTh_uEzU9XRRrIv65JaNYN5m6wZLdiizbTIO5H6c2PM0vlzazfHWVn3EOSLjKRc3upsWYqF8ptZn5S2-LNWMU7buxOU9QvoQNNd9c1Dxyi-XMqroWbYZnnvnwgZduAxTJ1Qb6q4tVLMG2uU9a8Mv-oj72wpfuzXgxJrvQ73_ZvzLL9t0WgWu1yXd0TqUz2Df4OpowSMZBe4bO7UzesI3r4vaqPkkn_M1leWlfkYr_5Nj6G681K2twh35gHZxX4gRbFPZEJyA6_gjTPu4I2U9exvt-2TltLcbUF0gT_YsOrxVU-5yOlGNPzQOG0BngAaQQWMYGUAOBxDRAcTYAPNaTmGFZ1V62KH4KBG_zqrwIZe_T_T3DP4v1ENs6bdEtNwlARAjWkgEhkYzjlAmmCAOzbHDMCOCQKmpDaDDhDbsxZjkGeOOzHSWSyIUcjAU2FZKI_0D6UTdsg&u=7492508ca732052044b44c25f4e61a2f&cid=b0467d3e94d19d9181864e166fefd75c&rc=0&pa=&ref1=&ref2= HTTP/1.1
Host: 64.111.211.155
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://www.goingonearth.com/search.php?q=kjhbdfk&n=1301420882

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.8.54
Date: Tue, 29 Mar 2011 17:48:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Location: hxxp://pda.mv.bidsystem.com/bin/findwhat.dll?clickthrough&y=52594&x=7Qpx508aPxAx9ooF8t2whYijHt2BdD2ZUY2WUBpdXozBHFo7b:khQO1vawmf7ouxpF;1LS2fFoN3oMAKN5ncWxAfoxLZ59Pj3VAWj:UkQVGmsH35GpkcVi9goBLZgDrUVVMQ8rzD5OitdzNO6BEp8hTHgwTCNWEpVYa9QluZGYQFP99BeVN7GhxDa9iqoCmuUFmpK9NM3iPMWWxSr:AadhiJawo1gH9aUNQElx9JQ:nuUD8HeBx0p6MwlFAY3Jn3LCMc5HGLU:DGapi0VCQpuNSCeJ7$A
----------------------------------------------------------
hxxp://pda.mv.bidsystem.com/bin/findwhat.dll?clickthrough&y=52594&x=7Qpx508aPxAx9ooF8t2whYijHt2BdD2ZUY2WUBpdXozBHFo7b:khQO1vawmf7ouxpF;1LS2fFoN3oMAKN5ncWxAfoxLZ59Pj3VAWj:UkQVGmsH35GpkcVi9goBLZgDrUVVMQ8rzD5OitdzNO6BEp8hTHgwTCNWEpVYa9QluZGYQFP99BeVN7GhxDa9iqoCmuUFmpK9NM3iPMWWxSr:AadhiJawo1gH9aUNQElx9JQ:nuUD8HeBx0p6MwlFAY3Jn3LCMc5HGLU:DGapi0VCQpuNSCeJ7$A

GET /bin/findwhat.dll?clickthrough&y=52594&x=7Qpx508aPxAx9ooF8t2whYijHt2BdD2ZUY2WUBpdXozBHFo7b:khQO1vawmf7ouxpF;1LS2fFoN3oMAKN5ncWxAfoxLZ59Pj3VAWj:UkQVGmsH35GpkcVi9goBLZgDrUVVMQ8rzD5OitdzNO6BEp8hTHgwTCNWEpVYa9QluZGYQFP99BeVN7GhxDa9iqoCmuUFmpK9NM3iPMWWxSr:AadhiJawo1gH9aUNQElx9JQ:nuUD8HeBx0p6MwlFAY3Jn3LCMc5HGLU:DGapi0VCQpuNSCeJ7$A HTTP/1.1
Host: pda.mv.bidsystem.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://www.goingonearth.com/search.php?q=kjhbdfk&n=1301420882

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=iso-8859-1
Location: hxxp://pda.mv.bidsystem.com/bin/findwhat.dll?clickthrough&y=52594&x=TWUEVNdyBZ7Eu6Dp5GWvRAhZGcWepuWdiAW97FUKhxkea2DGzAZ;AsRIP6VJT6bEy2KCXaWJo6HBsW7RG86bNd7JsZLdVlxZVG797gY2AcJg4m01rLZbZRSuWFLd9uemZc1X9ukqVshSpVH0ZFuP5jaT96aDaouPZA:5ACbdpgfpBlSe1cHGpwpqPlhLswVs7NVP;lHtwRxtNopOog7ypjhf;xDC9FSyidfFAdSfAg6siudTBFpHyJ1v627UV86BXw1bVFJA7AToPLhHZwfPXd9D1mfWBxRD0&c=75024305%2D0E65%2D4D4A%2DA593%2D5D703FD3F3CF&cid=6FED8454%2D6F5B%2D4530%2DAB7C%2D6F4443D2555F
Server: Microsoft-IIS/7.0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-AspNet-Version: 2.0.50727
Set-Cookie: mv_affiliate_id=52594; domain=.bidsystem.com; expires=Tue, 29-Mar-2011 17:48:10 GMT; path=/
Set-Cookie: mv_subaffiliate_id=19377-3; domain=.bidsystem.com; expires=Tue, 29-Mar-2011 17:48:10 GMT; path=/
Set-Cookie: mv_customer_id=217416; domain=.bidsystem.com; expires=Tue, 29-Mar-2011 17:48:10 GMT; path=/
Set-Cookie: mv_click_id=75024305-0E65-4D4A-A593-5D703FD3F3CF; domain=.bidsystem.com; expires=Tue, 29-Mar-2011 17:48:10 GMT; path=/
Set-Cookie: as=259964663cb04bfbae91c4201b18144d; domain=.bidsystem.com; expires=Wed, 28-Mar-2012 17:48:10 GMT; path=/
X-Powered-By: ASP.NET
Date: Tue, 29 Mar 2011 17:48:09 GMT
Content-Length: 586
----------------------------------------------------------
hxxp://pda.mv.bidsystem.com/bin/findwhat.dll?clickthrough&y=52594&x=TWUEVNdyBZ7Eu6Dp5GWvRAhZGcWepuWdiAW97FUKhxkea2DGzAZ;AsRIP6VJT6bEy2KCXaWJo6HBsW7RG86bNd7JsZLdVlxZVG797gY2AcJg4m01rLZbZRSuWFLd9uemZc1X9ukqVshSpVH0ZFuP5jaT96aDaouPZA:5ACbdpgfpBlSe1cHGpwpqPlhLswVs7NVP;lHtwRxtNopOog7ypjhf;xDC9FSyidfFAdSfAg6siudTBFpHyJ1v627UV86BXw1bVFJA7AToPLhHZwfPXd9D1mfWBxRD0&c=75024305%2D0E65%2D4D4A%2DA593%2D5D703FD3F3CF&cid=6FED8454%2D6F5B%2D4530%2DAB7C%2D6F4443D2555F

GET /bin/findwhat.dll?clickthrough&y=52594&x=TWUEVNdyBZ7Eu6Dp5GWvRAhZGcWepuWdiAW97FUKhxkea2DGzAZ;AsRIP6VJT6bEy2KCXaWJo6HBsW7RG86bNd7JsZLdVlxZVG797gY2AcJg4m01rLZbZRSuWFLd9uemZc1X9ukqVshSpVH0ZFuP5jaT96aDaouPZA:5ACbdpgfpBlSe1cHGpwpqPlhLswVs7NVP;lHtwRxtNopOog7ypjhf;xDC9FSyidfFAdSfAg6siudTBFpHyJ1v627UV86BXw1bVFJA7AToPLhHZwfPXd9D1mfWBxRD0&c=75024305%2D0E65%2D4D4A%2DA593%2D5D703FD3F3CF&cid=6FED8454%2D6F5B%2D4530%2DAB7C%2D6F4443D2555F HTTP/1.1
Host: pda.mv.bidsystem.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://www.goingonearth.com/search.php?q=kjhbdfk&n=1301420882
Cookie: mv_affiliate_id=52594; mv_subaffiliate_id=19377-3; mv_customer_id=217416; mv_click_id=75024305-0E65-4D4A-A593-5D703FD3F3CF; as=259964663cb04bfbae91c4201b18144d

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=iso-8859-1
Location: hxxp://network.adsmarket.com/click/jWNqnWXKf5SRYmrEXsp6w4lqcJteon_DjGlwmWXKfJaMaGrEX516m49i&?dp=58
Server: Microsoft-IIS/7.0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-AspNet-Version: 2.0.50727
Set-Cookie: mv_affiliate_id=52594; domain=.bidsystem.com; expires=Tue, 29-Mar-2011 17:48:10 GMT; path=/
Set-Cookie: mv_subaffiliate_id=19377-3; domain=.bidsystem.com; expires=Tue, 29-Mar-2011 17:48:10 GMT; path=/
Set-Cookie: mv_customer_id=217416; domain=.bidsystem.com; expires=Tue, 29-Mar-2011 17:48:10 GMT; path=/
Set-Cookie: mv_click_id=75024305-0E65-4D4A-A593-5D703FD3F3CF; domain=.bidsystem.com; expires=Tue, 29-Mar-2011 17:48:10 GMT; path=/
Set-Cookie: as=259964663cb04bfbae91c4201b18144d; domain=.bidsystem.com; expires=Wed, 28-Mar-2012 17:48:10 GMT; path=/
X-Powered-By: ASP.NET
Date: Tue, 29 Mar 2011 17:48:09 GMT
Content-Length: 219
----------------------------------------------------------
hxxp://network.adsmarket.com/click/jWNqnWXKf5SRYmrEXsp6w4lqcJteon_DjGlwmWXKfJaMaGrEX516m49i&?dp=58

GET /click/jWNqnWXKf5SRYmrEXsp6w4lqcJteon_DjGlwmWXKfJaMaGrEX516m49i&?dp=58 HTTP/1.1
Host: network.adsmarket.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://www.goingonearth.com/search.php?q=kjhbdfk&n=1301420882

HTTP/1.1 302 Found
Date: Tue, 29 Mar 2011 17:48:10 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Set-Cookie: PHPSESSID=mv2e7qvqqnk04evc2u722sme12; path=/
Set-Cookie: ce-visitor-imNtnF8=iGFv3YWgr96ZmmyeX-WTvKZ1cctltZ2YxIJplV6bepQ; expires=Thu, 28-Apr-2011 17:48:10 GMT; path=/; domain=network.adsmarket.com
Set-Cookie: ce-click-iWZvlWKde8OJZW2ZXp16nJFo=iWZvlWKde8OJZW2ZXp16nJFo; expires=Wed, 30-Mar-2011 17:48:10 GMT; path=/; domain=network.adsmarket.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: hxxp://go2zynga.com/aff_c?offer_id=63&aff_id=31&aff_sub=52187&ce_cid=006xW5ezAi391zIXND8f7JS4lQ000000
P3P: policyref="/w3c/p3p.xml", CP="NOI DEV PSA PSD IVA OTP OUR OTR IND OTC"
Content-Length: 4
Connection: close
Content-Type: text/html; charset=UTF-8
----------------------------------------------------------
hxxp://go2zynga.com/aff_c?offer_id=63&aff_id=31&aff_sub=52187&ce_cid=006xW5ezAi391zIXND8f7JS4lQ000000

GET /aff_c?offer_id=63&aff_id=31&aff_sub=52187&ce_cid=006xW5ezAi391zIXND8f7JS4lQ000000 HTTP/1.1
Host: go2zynga.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://www.goingonearth.com/search.php?q=kjhbdfk&n=1301420882

HTTP/1.1 302 Found
Date: Tue, 29 Mar 2011 17:48:10 GMT
Server: Apache/2.2.14 (Unix) mod_apreq2-20051231/2.6.0
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
Location: hxxp://apps.facebook.com/cityville/tracks.php?src=ads&aff=31&crt=CV_Acq_IntlTier1_Eng-Speaking_20101112_UK
Set-Cookie: aff_session_63=4-8618216163110329-31-63-0-0-0-0-UK-2-_-52187-_-_-_-1-86.18.2.161-20110329134810-http%3A%2F%2Fwww.goingonearth.com%2Fsearch.php%3Fq%3Dkjhbdfk%26n%3D1301420882-; expires=Wed, 30 Mar 2011 17:48:10 GMT; path=/;
P3P: CP="NOI DEVa TAIa OUR BUS"
Content-Length: 298
Connection: close
Content-Type: text/html; charset=iso-8859-1
----------------------------------------------------------
hxxp://apps.facebook.com/cityville/tracks.php?src=ads&aff=31&crt=CV_Acq_IntlTier1_Eng-Speaking_20101112_UK

GET /cityville/tracks.php?src=ads&aff=31&crt=CV_Acq_IntlTier1_Eng-Speaking_20101112_UK HTTP/1.1
Host: apps.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://www.goingonearth.com/search.php?q=kjhbdfk&n=1301420882

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: hxxp://fb.me/p3p"
Pragma: no-cache
Set-Cookie: datr=WxuSTQIX5aMoiqg1qfmWBxd2; expires=Thu, 28-Mar-2013 17:48:11 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=8Hucm; path=/; domain=.facebook.com
Set-Cookie: reg_ext_ref=http%3A%2F%2Fwww.goingonearth.com%2Fsearch.php%3Fq%3Dkjhbdfk%26n%3D1301420882; path=/; domain=.facebook.com
Set-Cookie: reg_fb_gate=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; path=/; domain=.facebook.com
Set-Cookie: reg_fb_ref=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; path=/; domain=.facebook.com
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.248.102
X-Cnection: close
Transfer-Encoding: chunked
Date: Tue, 29 Mar 2011 17:48:11 GMT
----------------------------------------------------------
hxxp://static.ak.fbcdn.net/rsrc.php/v1/y4/r/oCUXctprNJz.css

GET /rsrc.php/v1/y4/r/oCUXctprNJz.css HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/css,*/*;q=0.1
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://apps.facebook.com/cityville/tracks.php?src=ads&aff=31&crt=CV_Acq_IntlTier1_Eng-Speaking_20101112_UK

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Sun, 21 Mar 2010 12:04:50 -0700
Content-Encoding: gzip
X-FB-Server: 10.30.146.199
X-Cnection: close
Content-Length: 3328
Vary: Accept-Encoding
Cache-Control: public, max-age=30849354
Expires: Tue, 20 Mar 2012 19:04:05 GMT
Date: Tue, 29 Mar 2011 17:48:11 GMT
Connection: keep-alive
----------------------------------------------------------
hxxp://static.ak.fbcdn.net/rsrc.php/v1/ye/r/3pIQ1RDUIxC.css

GET /rsrc.php/v1/ye/r/3pIQ1RDUIxC.css HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/css,*/*;q=0.1
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://apps.facebook.com/cityville/tracks.php?src=ads&aff=31&crt=CV_Acq_IntlTier1_Eng-Speaking_20101112_UK

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Sun, 14 Mar 2010 12:46:51 -0700
Content-Encoding: gzip
X-Powered-By: HPHP
X-FB-Server: 10.138.64.184
Content-Length: 1670
Vary: Accept-Encoding
Cache-Control: public, max-age=30247187
Expires: Tue, 13 Mar 2012 19:47:58 GMT
Date: Tue, 29 Mar 2011 17:48:11 GMT
Connection: keep-alive
----------------------------------------------------------
hxxp://static.ak.fbcdn.net/rsrc.php/v1/yp/r/kk8dc2UJYJ4.png

GET /rsrc.php/v1/yp/r/kk8dc2UJYJ4.png HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://apps.facebook.com/cityville/tracks.php?src=ads&aff=31&crt=CV_Acq_IntlTier1_Eng-Speaking_20101112_UK

HTTP/1.1 200 OK
Content-Length: 2209
Content-Type: image/png
Last-Modified: Sat, 01 Jan 2000 00:00:00 GMT
X-Cnection: close
Cache-Control: public, max-age=27851807
Expires: Wed, 15 Feb 2012 02:24:58 GMT
Date: Tue, 29 Mar 2011 17:48:11 GMT
Connection: keep-alive
----------------------------------------------------------
hxxp://static.ak.fbcdn.net/rsrc.php/v1/yA/r/u0-QgHvi8pN.css

GET /rsrc.php/v1/yA/r/u0-QgHvi8pN.css HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/css,*/*;q=0.1
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://apps.facebook.com/cityville/tracks.php?src=ads&aff=31&crt=CV_Acq_IntlTier1_Eng-Speaking_20101112_UK

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Sun, 14 Mar 2010 12:51:58 -0700
Content-Encoding: gzip
X-Powered-By: HPHP
X-FB-Server: 10.30.147.194
X-Cnection: close
Content-Length: 3411
Vary: Accept-Encoding
Cache-Control: public, max-age=30247365
Expires: Tue, 13 Mar 2012 19:50:56 GMT
Date: Tue, 29 Mar 2011 17:48:11 GMT
Connection: keep-alive
----------------------------------------------------------
hxxp://static.ak.fbcdn.net/rsrc.php/v1/yW/r/r8tt3gFbIQr.css

GET /rsrc.php/v1/yW/r/r8tt3gFbIQr.css HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/css,*/*;q=0.1
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://apps.facebook.com/cityville/tracks.php?src=ads&aff=31&crt=CV_Acq_IntlTier1_Eng-Speaking_20101112_UK

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 22 Mar 2010 19:08:55 -0700
Content-Encoding: gzip
X-FB-Server: 10.30.148.193
X-Cnection: close
Content-Length: 12737
Vary: Accept-Encoding
Cache-Control: public, max-age=30961146
Expires: Thu, 22 Mar 2012 02:07:17 GMT
Date: Tue, 29 Mar 2011 17:48:11 GMT
Connection: keep-alive
----------------------------------------------------------
hxxp://static.ak.connect.facebook.com/connect.php/en_GB

GET /connect.php/en_GB HTTP/1.1
Host: static.ak.connect.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: */*
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://apps.facebook.com/cityville/tracks.php?src=ads&aff=31&crt=CV_Acq_IntlTier1_Eng-Speaking_20101112_UK
Cookie: datr=WxuSTQIX5aMoiqg1qfmWBxd2; lsd=8Hucm; reg_ext_ref=http%3A%2F%2Fwww.goingonearth.com%2Fsearch.php%3Fq%3Dkjhbdfk%26n%3D1301420882; reg_fb_gate=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; reg_fb_ref=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Etag: "4326d1e5cb460f5e7ac41c5c0eba347a"
Content-Encoding: gzip
X-FB-Server: 10.27.3.126
X-Cnection: close
Content-Length: 6502
Vary: Accept-Encoding
Cache-Control: public, max-age=130
Expires: Tue, 29 Mar 2011 17:50:21 GMT
Date: Tue, 29 Mar 2011 17:48:11 GMT
Connection: keep-alive
X-Antivirus: avast! 4
X-Antivirus-Status: Clean
----------------------------------------------------------
hxxp://static.ak.fbcdn.net/rsrc.php/v1/y-/r/jDl2O6ZuAyq.js

GET /rsrc.php/v1/y-/r/jDl2O6ZuAyq.js HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: */*
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://apps.facebook.com/cityville/tracks.php?src=ads&aff=31&crt=CV_Acq_IntlTier1_Eng-Speaking_20101112_UK

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 22 Mar 2010 11:51:15 -0700
Content-Encoding: gzip
X-FB-Server: 10.30.146.197
X-Cnection: close
Content-Length: 11565
Vary: Accept-Encoding
Cache-Control: public, max-age=30934968
Expires: Wed, 21 Mar 2012 18:50:59 GMT
Date: Tue, 29 Mar 2011 17:48:11 GMT
Connection: keep-alive
X-Antivirus: avast! 4
X-Antivirus-Status: Clean
----------------------------------------------------------
hxxp://static.ak.fbcdn.net/rsrc.php/v1/zD/r/B4K_BWwP7P5.png

GET /rsrc.php/v1/zD/r/B4K_BWwP7P5.png HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://static.ak.fbcdn.net/rsrc.php/v1/yW/r/r8tt3gFbIQr.css

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Sun, 14 Mar 2010 12:46:52 -0700
Content-Encoding: gzip
X-Powered-By: HPHP
X-FB-Server: 10.138.64.183
Content-Length: 853
Vary: Accept-Encoding
Cache-Control: public, max-age=30247012
Expires: Tue, 13 Mar 2012 19:45:03 GMT
Date: Tue, 29 Mar 2011 17:48:11 GMT
Connection: keep-alive
----------------------------------------------------------
hxxp://static.ak.connect.facebook.com/connect.php/en_GB/js/CacheData

GET /connect.php/en_GB/js/CacheData HTTP/1.1
Host: static.ak.connect.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: */*
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://apps.facebook.com/cityville/tracks.php?src=ads&aff=31&crt=CV_Acq_IntlTier1_Eng-Speaking_20101112_UK
Cookie: datr=WxuSTQIX5aMoiqg1qfmWBxd2; lsd=8Hucm; reg_ext_ref=http%3A%2F%2Fwww.goingonearth.com%2Fsearch.php%3Fq%3Dkjhbdfk%26n%3D1301420882; reg_fb_gate=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; reg_fb_ref=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Etag: "c98d28fb7f99ad46aac8884cc195d814"
Content-Encoding: gzip
X-FB-Server: 10.32.182.114
X-Cnection: close
Content-Length: 19335
Cache-Control: public, max-age=1169
Expires: Tue, 29 Mar 2011 18:07:40 GMT
Date: Tue, 29 Mar 2011 17:48:11 GMT
Connection: keep-alive
Vary: Accept-Encoding
X-Antivirus: avast! 4
X-Antivirus-Status: Clean
----------------------------------------------------------
hxxp://photos-f.ak.fbcdn.net/photos-ak-snc1/v27562/71/291549705119/app_2_291549705119_3378.gif

GET /photos-ak-snc1/v27562/71/291549705119/app_2_291549705119_3378.gif HTTP/1.1
Host: photos-f.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 1035
Last-Modified: Tue, 16 Nov 2010 00:08:24 GMT
Accept-Ranges: bytes
X-N: S
Date: Tue, 29 Mar 2011 17:48:11 GMT
Connection: keep-alive
Cache-Control: max-age=1209600
----------------------------------------------------------
hxxp://static.ak.fbcdn.net/rsrc.php/v1/yZ/r/ijnRamAy6bi.js

GET /rsrc.php/v1/yZ/r/ijnRamAy6bi.js HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: */*
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://apps.facebook.com/cityville/tracks.php?src=ads&aff=31&crt=CV_Acq_IntlTier1_Eng-Speaking_20101112_UK

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Sun, 21 Mar 2010 11:58:37 -0700
Content-Encoding: gzip
X-FB-Server: 10.138.69.185
Content-Length: 12565
Vary: Accept-Encoding
Cache-Control: public, max-age=30848931
Expires: Tue, 20 Mar 2012 18:57:03 GMT
Date: Tue, 29 Mar 2011 17:48:12 GMT
Connection: keep-alive
X-Antivirus: avast! 4
X-Antivirus-Status: Clean
----------------------------------------------------------
hxxp://static.ak.fbcdn.net/rsrc.php/v1/yd/r/joZW3ByQt4l.js

GET /rsrc.php/v1/yd/r/joZW3ByQt4l.js HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: */*
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://apps.facebook.com/cityville/tracks.php?src=ads&aff=31&crt=CV_Acq_IntlTier1_Eng-Speaking_20101112_UK

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Tue, 23 Mar 2010 18:29:36 -0700
Content-Encoding: gzip
X-FB-Server: 10.138.69.184
Content-Length: 9093
Vary: Accept-Encoding
Cache-Control: public, max-age=31045266
Expires: Fri, 23 Mar 2012 01:29:18 GMT
Date: Tue, 29 Mar 2011 17:48:12 GMT
Connection: keep-alive
X-Antivirus: avast! 4
X-Antivirus-Status: Clean
----------------------------------------------------------
hxxp://static.ak.fbcdn.net/rsrc.php/v1/yX/r/zRa90Q7u7gU.js

GET /rsrc.php/v1/yX/r/zRa90Q7u7gU.js HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: */*
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://apps.facebook.com/cityville/tracks.php?src=ads&aff=31&crt=CV_Acq_IntlTier1_Eng-Speaking_20101112_UK

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Tue, 23 Mar 2010 13:11:13 -0700
Content-Encoding: gzip
X-FB-Server: 10.138.16.185
Content-Length: 26158
Vary: Accept-Encoding
Cache-Control: public, max-age=31026168
Expires: Thu, 22 Mar 2012 20:11:00 GMT
Date: Tue, 29 Mar 2011 17:48:12 GMT
Connection: keep-alive
----------------------------------------------------------
hxxp://b.static.ak.fbcdn.net/rsrc.php/v1/yf/r/r5bpwwXlitT.js

GET /rsrc.php/v1/yf/r/r5bpwwXlitT.js HTTP/1.1
Host: b.static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: */*
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://apps.facebook.com/cityville/tracks.php?src=ads&aff=31&crt=CV_Acq_IntlTier1_Eng-Speaking_20101112_UK

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Fri, 25 Mar 2011 21:24:12 GMT
Content-Encoding: gzip
X-FB-Server: 10.138.64.184
Content-Length: 2457
Vary: Accept-Encoding
Cache-Control: public, max-age=31203822
Expires: Sat, 24 Mar 2012 21:31:54 GMT
Date: Tue, 29 Mar 2011 17:48:12 GMT
Connection: keep-alive
X-Antivirus: avast! 4
X-Antivirus-Status: Clean
----------------------------------------------------------
hxxp://static.ak.fbcdn.net/rsrc.php/v1/yh/r/ffAr8hIZoP5.js

GET /rsrc.php/v1/yh/r/ffAr8hIZoP5.js HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: */*
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://apps.facebook.com/cityville/tracks.php?src=ads&aff=31&crt=CV_Acq_IntlTier1_Eng-Speaking_20101112_UK

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Sun, 21 Mar 2010 21:53:04 -0700
Content-Encoding: gzip
X-FB-Server: 10.138.17.185
Content-Length: 36454
Vary: Accept-Encoding
Cache-Control: public, max-age=30884702
Expires: Wed, 21 Mar 2012 04:53:14 GMT
Date: Tue, 29 Mar 2011 17:48:12 GMT
Connection: keep-alive
----------------------------------------------------------
hxxp://static.ak.fbcdn.net/rsrc.php/v1/yf/r/fwecnuTvq06.js

GET /rsrc.php/v1/yf/r/fwecnuTvq06.js HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: */*
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://apps.facebook.com/cityville/tracks.php?src=ads&aff=31&crt=CV_Acq_IntlTier1_Eng-Speaking_20101112_UK

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Fri, 25 Mar 2011 01:46:17 GMT
Content-Encoding: gzip
X-FB-Server: 10.30.148.193
X-Cnection: close
Content-Length: 30637
Vary: Accept-Encoding
Cache-Control: public, max-age=31134884
Expires: Sat, 24 Mar 2012 02:22:56 GMT
Date: Tue, 29 Mar 2011 17:48:12 GMT
Connection: keep-alive
----------------------------------------------------------
hxxp://fb-0.cityville.zynga.com/tracks.php?src=ads&aff=31&crt=CV_Acq_IntlTier1_Eng-Speaking_20101112_UK

POST /tracks.php?src=ads&aff=31&crt=CV_Acq_IntlTier1_Eng-Speaking_20101112_UK HTTP/1.1
Host: fb-0.cityville.zynga.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://apps.facebook.com/cityville/tracks.php?src=ads&aff=31&crt=CV_Acq_IntlTier1_Eng-Speaking_20101112_UK
Content-Type: application/x-www-form-urlencoded
Content-Length: 214
signed_request=5NuaUw58WVOYcnq6PJGDWG3U7mPJNVU5VaPvmzpKr6Q.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImlzc3VlZF9hdCI6MTMwMTQyMDg5MSwidXNlciI6eyJjb3VudHJ5IjoiZ2IiLCJsb2NhbGUiOiJlbl9HQiIsImFnZSI6eyJtaW4iOjAsIm1heCI6MTJ9fX0
HTTP/1.1 200 OK
Date: Tue, 29 Mar 2011 17:48:12 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.10
Content-Length: 486
Connection: close
Content-Type: text/html; charset=UTF-8
----------------------------------------------------------
hxxp://ocsp.digicert.com/

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 29 Mar 2011 17:48:12 GMT
Content-Type: application/ocsp-response
Connection: keep-alive
Expires: Mon, 04 Apr 2011 16:15:37 GMT
Cache-Control: max-age=518400, public, no-transform
Content-Length: 471
X-Antivirus: avast! 4
X-Antivirus-Status: Clean
----------------------------------------------------------
hxxp://ocsp.digicert.com/

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 29 Mar 2011 17:48:12 GMT
Content-Type: application/ocsp-response
Connection: close
Expires: Mon, 04 Apr 2011 17:03:20 GMT
Cache-Control: max-age=518400, public, no-transform
Content-Length: 1100
X-Antivirus: avast! 4
X-Antivirus-Status: Clean
----------------------------------------------------------
hxxps://www.facebook.com/login.php?api_key=291549705119&cancel_url=http%3A%2F%2Ffb-0.cityville.zynga.com%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK&display=page&fbconnect=1&next=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK&return_session=1&session_version=3&v=1.0&req_perms=email%2Cpublish_stream

GET /login.php?api_key=291549705119&cancel_url=http%3A%2F%2Ffb-0.cityville.zynga.com%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK&display=page&fbconnect=1&next=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK&return_session=1&session_version=3&v=1.0&req_perms=email%2Cpublish_stream HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://fb-0.cityville.zynga.com/tracks.php?src=ads&aff=31&crt=CV_Acq_IntlTier1_Eng-Speaking_20101112_UK
Cookie: datr=WxuSTQIX5aMoiqg1qfmWBxd2; lsd=8Hucm; reg_ext_ref=http%3A%2F%2Fwww.goingonearth.com%2Fsearch.php%3Fq%3Dkjhbdfk%26n%3D1301420882; reg_fb_gate=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; reg_fb_ref=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; x-referer=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%23%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: hxxp://fb.me/p3p"
Pragma: no-cache
Set-Cookie: datr=WxuSTQIX5aMoiqg1qfmWBxd2; expires=Thu, 28-Mar-2013 17:48:13 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_ext_ref=http%3A%2F%2Ffb-0.cityville.zynga.com%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; path=/; domain=.facebook.com
Set-Cookie: reg_fb_gate=https%3A%2F%2Fwww.facebook.com%2Flogin.php%3Fapi_key%3D291549705119%26cancel_url%3Dhttp%253A%252F%252Ffb-0.cityville.zynga.com%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26display%3Dpage%26fbconnect%3D1%26next%3Dhttp%253A%252F%252Fapps.facebook.com%252Fcityville%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26return_session%3D1%26session_version%3D3%26v%3D1.0%26req_perms%3Demail%252Cpublish_stream; path=/; domain=.facebook.com
Set-Cookie: reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Flogin.php%3Fapi_key%3D291549705119%26cancel_url%3Dhttp%253A%252F%252Ffb-0.cityville.zynga.com%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26display%3Dpage%26fbconnect%3D1%26next%3Dhttp%253A%252F%252Fapps.facebook.com%252Fcityville%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26return_session%3D1%26session_version%3D3%26v%3D1.0%26req_perms%3Demail%252Cpublish_stream; path=/; domain=.facebook.com
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.50.37
X-Cnection: close
Date: Tue, 29 Mar 2011 17:48:13 GMT
Content-Length: 6044
----------------------------------------------------------
hxxps://s-static.ak.facebook.com/rsrc.php/v1/yM/r/HJkijFx_6MU.css

GET /rsrc.php/v1/yM/r/HJkijFx_6MU.css HTTP/1.1
Host: s-static.ak.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/css,*/*;q=0.1
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxps://www.facebook.com/login.php?api_key=291549705119&cancel_url=http%3A%2F%2Ffb-0.cityville.zynga.com%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK&display=page&fbconnect=1&next=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK&return_session=1&session_version=3&v=1.0&req_perms=email%2Cpublish_stream
Cookie: datr=WxuSTQIX5aMoiqg1qfmWBxd2; lsd=8Hucm; reg_ext_ref=http%3A%2F%2Ffb-0.cityville.zynga.com%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; reg_fb_gate=https%3A%2F%2Fwww.facebook.com%2Flogin.php%3Fapi_key%3D291549705119%26cancel_url%3Dhttp%253A%252F%252Ffb-0.cityville.zynga.com%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26display%3Dpage%26fbconnect%3D1%26next%3Dhttp%253A%252F%252Fapps.facebook.com%252Fcityville%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26return_session%3D1%26session_version%3D3%26v%3D1.0%26req_perms%3Demail%252Cpublish_stream; reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Flogin.php%3Fapi_key%3D291549705119%26cancel_url%3Dhttp%253A%252F%252Ffb-0.cityville.zynga.com%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26display%3Dpage%26fbconnect%3D1%26next%3Dhttp%253A%252F%252Fapps.facebook.com%252Fcityville%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26return_session%3D1%26session_version%3D3%26v%3D1.0%26req_perms%3Demail%252Cpublish_stream; x-referer=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%23%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; wd=1366x568

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Sun, 21 Mar 2010 12:20:31 -0700
Content-Encoding: gzip
X-FB-Server: 10.138.16.181
X-Cnection: close
Content-Length: 2283
Vary: Accept-Encoding
Cache-Control: public, max-age=30850378
Expires: Tue, 20 Mar 2012 19:21:11 GMT
Date: Tue, 29 Mar 2011 17:48:13 GMT
Connection: keep-alive
----------------------------------------------------------
hxxps://s-static.ak.facebook.com/rsrc.php/v1/yh/r/mHbzNpflLi0.css

GET /rsrc.php/v1/yh/r/mHbzNpflLi0.css HTTP/1.1
Host: s-static.ak.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/css,*/*;q=0.1
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxps://www.facebook.com/login.php?api_key=291549705119&cancel_url=http%3A%2F%2Ffb-0.cityville.zynga.com%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK&display=page&fbconnect=1&next=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK&return_session=1&session_version=3&v=1.0&req_perms=email%2Cpublish_stream
Cookie: datr=WxuSTQIX5aMoiqg1qfmWBxd2; lsd=8Hucm; reg_ext_ref=http%3A%2F%2Ffb-0.cityville.zynga.com%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; reg_fb_gate=https%3A%2F%2Fwww.facebook.com%2Flogin.php%3Fapi_key%3D291549705119%26cancel_url%3Dhttp%253A%252F%252Ffb-0.cityville.zynga.com%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26display%3Dpage%26fbconnect%3D1%26next%3Dhttp%253A%252F%252Fapps.facebook.com%252Fcityville%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26return_session%3D1%26session_version%3D3%26v%3D1.0%26req_perms%3Demail%252Cpublish_stream; reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Flogin.php%3Fapi_key%3D291549705119%26cancel_url%3Dhttp%253A%252F%252Ffb-0.cityville.zynga.com%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26display%3Dpage%26fbconnect%3D1%26next%3Dhttp%253A%252F%252Fapps.facebook.com%252Fcityville%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26return_session%3D1%26session_version%3D3%26v%3D1.0%26req_perms%3Demail%252Cpublish_stream; x-referer=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%23%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; wd=1366x568

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Sun, 14 Mar 2010 12:57:59 -0700
Content-Encoding: gzip
X-Powered-By: HPHP
X-FB-Server: 10.138.17.185
X-Cnection: close
Content-Length: 3410
Vary: Accept-Encoding
Cache-Control: public, max-age=30247799
Expires: Tue, 13 Mar 2012 19:58:12 GMT
Date: Tue, 29 Mar 2011 17:48:13 GMT
Connection: keep-alive
----------------------------------------------------------
hxxps://s-static.ak.facebook.com/rsrc.php/v1/yW/r/vLk0dtgLuHU.css

GET /rsrc.php/v1/yW/r/vLk0dtgLuHU.css HTTP/1.1
Host: s-static.ak.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/css,*/*;q=0.1
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxps://www.facebook.com/login.php?api_key=291549705119&cancel_url=http%3A%2F%2Ffb-0.cityville.zynga.com%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK&display=page&fbconnect=1&next=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK&return_session=1&session_version=3&v=1.0&req_perms=email%2Cpublish_stream
Cookie: datr=WxuSTQIX5aMoiqg1qfmWBxd2; lsd=8Hucm; reg_ext_ref=http%3A%2F%2Ffb-0.cityville.zynga.com%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; reg_fb_gate=https%3A%2F%2Fwww.facebook.com%2Flogin.php%3Fapi_key%3D291549705119%26cancel_url%3Dhttp%253A%252F%252Ffb-0.cityville.zynga.com%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26display%3Dpage%26fbconnect%3D1%26next%3Dhttp%253A%252F%252Fapps.facebook.com%252Fcityville%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26return_session%3D1%26session_version%3D3%26v%3D1.0%26req_perms%3Demail%252Cpublish_stream; reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Flogin.php%3Fapi_key%3D291549705119%26cancel_url%3Dhttp%253A%252F%252Ffb-0.cityville.zynga.com%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26display%3Dpage%26fbconnect%3D1%26next%3Dhttp%253A%252F%252Fapps.facebook.com%252Fcityville%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26return_session%3D1%26session_version%3D3%26v%3D1.0%26req_perms%3Demail%252Cpublish_stream; x-referer=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%23%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; wd=1366x568

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Sun, 14 Mar 2010 12:52:19 -0700
Content-Encoding: gzip
X-Powered-By: HPHP
X-FB-Server: 10.138.17.182
X-Cnection: close
Content-Length: 1668
Vary: Accept-Encoding
Cache-Control: public, max-age=30247472
Expires: Tue, 13 Mar 2012 19:52:45 GMT
Date: Tue, 29 Mar 2011 17:48:13 GMT
Connection: keep-alive
----------------------------------------------------------
hxxps://s-static.ak.facebook.com/rsrc.php/v1/yZ/r/IzF9R71FmGH.css

GET /rsrc.php/v1/yZ/r/IzF9R71FmGH.css HTTP/1.1
Host: s-static.ak.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/css,*/*;q=0.1
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxps://www.facebook.com/login.php?api_key=291549705119&cancel_url=http%3A%2F%2Ffb-0.cityville.zynga.com%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK&display=page&fbconnect=1&next=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK&return_session=1&session_version=3&v=1.0&req_perms=email%2Cpublish_stream
Cookie: datr=WxuSTQIX5aMoiqg1qfmWBxd2; lsd=8Hucm; reg_ext_ref=http%3A%2F%2Ffb-0.cityville.zynga.com%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; reg_fb_gate=https%3A%2F%2Fwww.facebook.com%2Flogin.php%3Fapi_key%3D291549705119%26cancel_url%3Dhttp%253A%252F%252Ffb-0.cityville.zynga.com%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26display%3Dpage%26fbconnect%3D1%26next%3Dhttp%253A%252F%252Fapps.facebook.com%252Fcityville%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26return_session%3D1%26session_version%3D3%26v%3D1.0%26req_perms%3Demail%252Cpublish_stream; reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Flogin.php%3Fapi_key%3D291549705119%26cancel_url%3Dhttp%253A%252F%252Ffb-0.cityville.zynga.com%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26display%3Dpage%26fbconnect%3D1%26next%3Dhttp%253A%252F%252Fapps.facebook.com%252Fcityville%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26return_session%3D1%26session_version%3D3%26v%3D1.0%26req_perms%3Demail%252Cpublish_stream; x-referer=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%23%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; wd=1366x568

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 22 Mar 2010 19:07:46 -0700
Content-Encoding: gzip
X-FB-Server: 10.138.16.184
X-Cnection: close
Content-Length: 12728
Vary: Accept-Encoding
Cache-Control: public, max-age=30961294
Expires: Thu, 22 Mar 2012 02:09:47 GMT
Date: Tue, 29 Mar 2011 17:48:13 GMT
Connection: keep-alive
----------------------------------------------------------
hxxps://s-static.ak.facebook.com/rsrc.php/v1/yp/r/kk8dc2UJYJ4.png

GET /rsrc.php/v1/yp/r/kk8dc2UJYJ4.png HTTP/1.1
Host: s-static.ak.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxps://www.facebook.com/login.php?api_key=291549705119&cancel_url=http%3A%2F%2Ffb-0.cityville.zynga.com%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK&display=page&fbconnect=1&next=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK&return_session=1&session_version=3&v=1.0&req_perms=email%2Cpublish_stream
Cookie: datr=WxuSTQIX5aMoiqg1qfmWBxd2; lsd=8Hucm; reg_ext_ref=http%3A%2F%2Ffb-0.cityville.zynga.com%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; reg_fb_gate=https%3A%2F%2Fwww.facebook.com%2Flogin.php%3Fapi_key%3D291549705119%26cancel_url%3Dhttp%253A%252F%252Ffb-0.cityville.zynga.com%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26display%3Dpage%26fbconnect%3D1%26next%3Dhttp%253A%252F%252Fapps.facebook.com%252Fcityville%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26return_session%3D1%26session_version%3D3%26v%3D1.0%26req_perms%3Demail%252Cpublish_stream; reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Flogin.php%3Fapi_key%3D291549705119%26cancel_url%3Dhttp%253A%252F%252Ffb-0.cityville.zynga.com%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26display%3Dpage%26fbconnect%3D1%26next%3Dhttp%253A%252F%252Fapps.facebook.com%252Fcityville%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26return_session%3D1%26session_version%3D3%26v%3D1.0%26req_perms%3Demail%252Cpublish_stream; x-referer=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%23%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; wd=1366x568

HTTP/1.1 200 OK
Content-Length: 2209
Content-Type: image/png
Last-Modified: Sat, 01 Jan 2000 00:00:00 GMT
X-Cnection: close
Cache-Control: public, max-age=27852590
Expires: Wed, 15 Feb 2012 02:38:03 GMT
Date: Tue, 29 Mar 2011 17:48:13 GMT
Connection: keep-alive
----------------------------------------------------------
hxxps://s-static.ak.facebook.com/rsrc.php/v1/y-/r/jDl2O6ZuAyq.js

GET /rsrc.php/v1/y-/r/jDl2O6ZuAyq.js HTTP/1.1
Host: s-static.ak.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: */*
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxps://www.facebook.com/login.php?api_key=291549705119&cancel_url=http%3A%2F%2Ffb-0.cityville.zynga.com%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK&display=page&fbconnect=1&next=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK&return_session=1&session_version=3&v=1.0&req_perms=email%2Cpublish_stream
Cookie: datr=WxuSTQIX5aMoiqg1qfmWBxd2; lsd=8Hucm; reg_ext_ref=http%3A%2F%2Ffb-0.cityville.zynga.com%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; reg_fb_gate=https%3A%2F%2Fwww.facebook.com%2Flogin.php%3Fapi_key%3D291549705119%26cancel_url%3Dhttp%253A%252F%252Ffb-0.cityville.zynga.com%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26display%3Dpage%26fbconnect%3D1%26next%3Dhttp%253A%252F%252Fapps.facebook.com%252Fcityville%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26return_session%3D1%26session_version%3D3%26v%3D1.0%26req_perms%3Demail%252Cpublish_stream; reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Flogin.php%3Fapi_key%3D291549705119%26cancel_url%3Dhttp%253A%252F%252Ffb-0.cityville.zynga.com%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26display%3Dpage%26fbconnect%3D1%26next%3Dhttp%253A%252F%252Fapps.facebook.com%252Fcityville%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26return_session%3D1%26session_version%3D3%26v%3D1.0%26req_perms%3Demail%252Cpublish_stream; x-referer=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%23%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; wd=1366x568

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 22 Mar 2010 11:53:45 -0700
Content-Encoding: gzip
X-FB-Server: 10.30.146.197
X-Cnection: close
Content-Length: 11563
Vary: Accept-Encoding
Cache-Control: public, max-age=30935125
Expires: Wed, 21 Mar 2012 18:53:38 GMT
Date: Tue, 29 Mar 2011 17:48:13 GMT
Connection: keep-alive
----------------------------------------------------------
hxxps://s-static.ak.facebook.com/rsrc.php/v1/zD/r/B4K_BWwP7P5.png


Edited by Orange Blossom, 10 August 2011 - 03:41 PM.
Deactivated links. ~ OB




#2 Ried


  • Malware Response Team
  • 988 posts

Posted 04 April 2011 - 09:12 PM

Hello Dowser,

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT - Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

Microsoft MVP - Consumer Security 2010, 2011, 2012

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."




