Hi
I seem to have acquired the same G-O-I-N-G-O-N-E-A-R-T-H Redirection malware as Brendan1241 had in this thread: http://www.bleepingcomputer.com/forums/topic333981.html and I really hope that you guys and girls will be able to help me too. It really is very frustrating.
Every link I follow from a Google search is redirected. For example, if I search "TEST" and then click on one of the links provided by Google, the first thing to appear in the search bar is this address: hxxp://www.ognrheangoti.com/search.php?q=test&n=1301496536.
I am then redirected to a random page, sometimes even Facebook, but usually the page is blocked by Malwarebytes.
At the time of getting the virus I was running IE8, and Firefox 3.6.10. Both are affected by the same issue. I have since installed Google Chrome but it does not experience the problem.
I also had the latest Avast and Malwarebytes running. Neither of them finds any infection when run.
The minute I noticed that I had the virus I tried to roll back to a restore point but restore points had been switched off without my knowledge.
I have posted a DDS log and a HijackThis log file, run about two minutes ago, and below that is another report, but I don't know the source. A friend of mine created it last night when he was having a look at my machine.
Any help will be appreciated:
I'm running Win7 64bit so I didn't complete the GMER scan.
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Andrew at 16:05:09.98 on 30/03/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4026.2377 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\WUDFHost.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Andrew\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Page =
uSearch Bar =
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "C:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
mRun: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Corel File Shell Monitor] c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
mRun: [Standby] "c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.tescophoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
mRun-x64: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
mRun-x64: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
mRun-x64: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\c9ynuxfk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nphssb.dll
FF - plugin: C:\Users\Andrew\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Live HTTP Headers: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} - %profile%\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-9-23 55024]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-4-15 273488]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-2 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-2 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-2 60464]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-4-15 62032]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-1-31 40384]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-11-3 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-23 363344]
R2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-9-10 305448]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-18 144640]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-11-3 58880]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-4-17 24152]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-11-3 225280]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
S2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-4-15 20048]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-24 136176]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2010-6-10 16776]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2010-6-10 9096]
S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2010-8-12 11776]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-5-20 36720]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-18 50432]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-5 1255736]
S3 ZTEusbnet;ZTE USB-NDIS miniport;C:\Windows\System32\drivers\ZTEusbnet.sys [2010-8-12 135168]
S4 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-11-3 240160]
.
=============== Created Last 30 ================
.
2011-03-30 08:55:05 -------- d-----w- C:\Users\Andrew\AppData\Local\{DF0908E2-DD52-4A19-A7D2-3CA5F10D8929}
2011-03-29 19:55:54 -------- d-----w- C:\Users\Andrew\AppData\Local\{8342B25E-DBC7-4754-AC6C-09DC295500DA}
2011-03-29 17:39:23 388096 ----a-r- C:\Users\Andrew\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-29 17:39:23 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-03-29 07:55:14 -------- d-----w- C:\Users\Andrew\AppData\Local\{E42B81FB-FABB-4BC8-A60C-E559ED8F10FE}
2011-03-28 19:54:34 -------- d-----w- C:\Users\Andrew\AppData\Local\{B01A1EB6-123D-45F9-A314-3E761903F1C8}
2011-03-28 07:53:35 -------- d-----w- C:\Users\Andrew\AppData\Local\{E9C5790C-562B-4016-9226-0EBDAFBC753B}
2011-03-27 18:58:33 -------- d-----w- C:\Users\Andrew\AppData\Local\{F062796B-34DD-40DB-8BE5-6384130A129C}
2011-03-27 06:57:31 -------- d-----w- C:\Users\Andrew\AppData\Local\{9AFAB6B2-8CA7-4993-B4CB-1B5228D04EE0}
2011-03-26 16:36:42 -------- d-----w- C:\Users\Andrew\AppData\Local\{DB61634B-3B8F-4530-AEA7-C59A95F1E8C6}
2011-03-26 07:49:50 -------- d-----w- C:\Users\Andrew\AppData\Local\{7FD3AD50-B30F-4C84-8FC7-EB764B8FFC0F}
2011-03-25 14:35:46 -------- d-----w- C:\Users\Andrew\AppData\Local\{D34F3CF8-5104-4786-AD8E-ABB062589905}
2011-03-24 22:00:02 -------- d-----w- C:\Users\Andrew\AppData\Local\{57769604-CD2B-4E71-987A-51354C84EFC6}
2011-03-24 21:45:58 -------- d-----w- C:\Users\Andrew\AppData\Local\{7B48EC69-117B-400C-BF1F-677B2F5CE5E7}
2011-03-24 08:36:29 -------- d-----w- C:\Users\Andrew\AppData\Local\{C7E1A4D1-40DD-4973-AA90-1EF05E85B637}
2011-03-23 12:22:34 -------- d-----w- C:\Users\Andrew\AppData\Local\{D9E6AA56-8302-41E0-B2AF-719936220DF2}
2011-03-22 18:57:50 -------- d-----w- C:\Users\Andrew\AppData\Local\{5FBB3493-D800-409B-8DCC-D0F67726BDA8}
2011-03-22 06:56:55 -------- d-----w- C:\Users\Andrew\AppData\Local\{B0DAD44B-F2B2-428C-8663-3A30776B99E7}
2011-03-21 11:21:24 -------- d-----w- C:\Users\Andrew\AppData\Local\{6181906E-11CD-4B7C-894D-A7F26D46B8D7}
2011-03-20 22:35:44 -------- d-----w- C:\Users\Andrew\AppData\Local\{2AE8ADA1-97CE-4BBC-A3F8-BB79DC35990A}
2011-03-20 10:35:08 -------- d-----w- C:\Users\Andrew\AppData\Local\{16E0A9BA-2A12-4B57-82D5-9D9777EF4938}
2011-03-20 08:52:28 -------- d-----w- C:\Users\Andrew\AppData\Local\{42E19747-6584-4CEE-8225-5A35E2490880}
2011-03-19 20:51:54 -------- d-----w- C:\Users\Andrew\AppData\Local\{393EA1B7-5A7C-4E26-8FC9-CED983E6D79B}
2011-03-19 09:21:23 -------- d-----w- C:\Program Files\iTunes
2011-03-19 09:21:23 -------- d-----w- C:\Program Files\iPod
2011-03-19 09:12:16 -------- d-----w- C:\Program Files\Bonjour
2011-03-19 08:51:02 -------- d-----w- C:\Users\Andrew\AppData\Local\{02B34892-831B-4B59-99CB-B015762D06DC}
2011-03-18 10:22:36 -------- d-----w- C:\Program Files (x86)\CardRecovery
2011-03-17 23:12:23 -------- d-----w- C:\Users\Andrew\AppData\Local\{11AC1DC8-AA94-469B-BC13-0438F866C43B}
2011-03-17 10:32:30 -------- d-----w- C:\Users\Andrew\AppData\Local\{77A0DDFC-FF06-479B-9A32-4C3AE5A91CD6}
2011-03-16 22:31:59 -------- d-----w- C:\Users\Andrew\AppData\Local\{1655F423-2DFC-41F9-8515-8BBB62AEA098}
2011-03-16 10:31:29 -------- d-----w- C:\Users\Andrew\AppData\Local\{DEE91FE8-607D-4FC6-80F6-07FBFF15910A}
2011-03-15 22:30:49 -------- d-----w- C:\Users\Andrew\AppData\Local\{2AC2E0B9-A668-4601-9B68-6AA731081A81}
2011-03-15 22:21:30 -------- d-----w- C:\Users\Andrew\AppData\Local\{A5A1234B-36C9-465B-9F0F-E2F641AFDD60}
2011-03-14 21:33:36 -------- d-----w- C:\Users\Andrew\AppData\Local\{00CF0439-A621-4D47-B6D5-1CA1C72B533C}
2011-03-14 11:03:34 -------- d-----w- C:\Users\Andrew\AppData\Local\{22E5D9A2-0FA1-4696-9347-8CE23A1C2694}
2011-03-13 19:17:48 -------- d-----w- C:\Users\Andrew\AppData\Local\{9B3389A6-AC53-478F-802A-62B156CFF7EB}
2011-03-13 15:30:15 -------- d-----w- C:\Users\Andrew\AppData\Local\{ED9447CC-89D7-45AE-9AB3-9DFDCB0BB0C8}
2011-03-13 15:05:30 -------- d-----w- C:\Users\Andrew\AppData\Local\{5E84A8EA-F935-4889-B21D-DA9F8AFA8945}
2011-03-12 11:28:40 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-03-12 11:28:40 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-03-12 11:23:08 -------- d-----w- C:\Users\Andrew\AppData\Local\{2A9C7A3F-1F71-4DCD-A97B-A6ED84FBB4F7}
2011-03-12 11:04:03 -------- d-----w- C:\Users\Andrew\AppData\Local\{84A35BF3-C58C-4D99-B7EE-BA1E6C85B861}
2011-03-11 17:33:00 -------- d-----w- C:\Users\Andrew\AppData\Local\{1302E2ED-F6B7-42D1-A3C6-A834E3BA769F}
2011-03-10 23:29:01 -------- d-----w- C:\Users\Andrew\AppData\Local\{2266548E-032D-4AE3-B400-9C430F384921}
2011-03-10 11:27:41 -------- d-----w- C:\Users\Andrew\AppData\Local\{9373440F-29E0-424F-9D5D-B39832573BA7}
2011-03-10 11:24:29 -------- d-----w- C:\Users\Andrew\AppData\Local\{5EC07DE6-1695-4C97-BE46-63F84ED13262}
2011-03-09 22:48:23 -------- d-----w- C:\Users\Andrew\AppData\Local\{46AF9F92-45D1-4CA9-B7EB-26463066624B}
2011-03-09 12:45:19 1135104 ----a-w- C:\Windows\System32\FntCache.dll
2011-03-09 12:45:17 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-03-09 12:45:16 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-03-09 12:45:16 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-03-09 12:45:16 1540608 ----a-w- C:\Windows\System32\DWrite.dll
2011-03-09 12:44:46 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2011-03-09 12:44:46 723968 ----a-w- C:\Windows\System32\EncDec.dll
2011-03-09 12:44:45 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2011-03-09 12:44:45 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-03-09 12:44:45 1118720 ----a-w- C:\Windows\System32\sbe.dll
2011-03-09 12:44:44 850432 ----a-w- C:\Windows\SysWow64\sbe.dll
2011-03-09 12:44:44 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2011-03-09 12:44:44 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2011-03-09 12:43:31 3138048 ----a-w- C:\Windows\System32\mstscax.dll
2011-03-09 12:43:31 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll
2011-03-09 12:43:30 1097216 ----a-w- C:\Windows\System32\mstsc.exe
2011-03-09 12:43:30 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe
2011-03-09 10:47:33 -------- d-----w- C:\Users\Andrew\AppData\Local\{4188C6E4-B807-4E60-A6CE-CDE5DBF1A84B}
2011-03-08 22:38:59 -------- d-----w- C:\Users\Andrew\AppData\Local\{87D7299D-888B-47C6-92FA-ED29B157F65E}
2011-03-08 10:37:51 -------- d-----w- C:\Users\Andrew\AppData\Local\{1F468CF2-CFCC-4A7A-9EFC-32D1227CDCBA}
2011-03-08 10:03:51 -------- d-----w- C:\Users\Andrew\AppData\Local\{6D62B92D-5CF4-4C3A-8569-7901D57311DE}
2011-03-07 22:50:04 143360 --sha-r- C:\Windows\SysWow64\eappcfgl.dll
2011-03-07 13:18:11 -------- d-----w- C:\Users\Andrew\AppData\Local\{3C6A89CB-DE92-4C60-B225-5FC76A0B998B}
2011-03-06 13:04:05 -------- d-----w- C:\Users\Andrew\AppData\Local\{5F21F452-A11D-435B-8D78-6FC16E39B1DA}
2011-03-06 12:58:39 -------- d-----w- C:\Users\Andrew\AppData\Local\{6D75B8DC-FCE6-4AA7-9CD3-F0086F93E4F8}
2011-03-05 22:36:54 -------- d-----w- C:\Users\Andrew\AppData\Local\{5AF69D89-C0E3-4A83-B16C-736A30FC6BF5}
2011-03-05 10:36:23 -------- d-----w- C:\Users\Andrew\AppData\Local\{EB5D2BFB-E2B4-40B1-A766-4ABCD3048B07}
2011-03-05 02:02:51 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{3081140A-8FAB-497D-B392-F73D4E3E22D1}\mpengine.dll
2011-03-04 22:35:14 -------- d-----w- C:\Users\Andrew\AppData\Local\{C8BC4AD5-AE76-4B01-8E66-FE131BC37D30}
2011-03-04 08:59:31 -------- d-----w- C:\Users\Andrew\AppData\Local\{AF6B0419-66ED-4621-82A6-B0184EC34E46}
2011-03-03 16:09:36 -------- d-----w- C:\Users\Andrew\AppData\Local\{904D3887-992E-4655-B9E7-660E08A1CE62}
2011-03-03 16:05:11 -------- d-----w- C:\Users\Andrew\AppData\Local\{E53FC095-7AA9-4010-8958-88103BABB92F}
2011-03-03 15:54:40 -------- d-----w- C:\Users\Andrew\AppData\Local\{0F60E262-6E32-4CEF-A569-383CE0D7ABD7}
2011-03-03 11:16:30 -------- d-----w- C:\Users\Andrew\AppData\Local\{92678CA3-7269-4645-88D9-F88013734EC1}
2011-03-03 11:13:24 -------- d-----w- C:\Users\Andrew\AppData\Local\{9513FDDB-C1FE-4F16-A47B-D592109D0248}
2011-03-02 22:56:23 -------- d-----w- C:\Users\Andrew\AppData\Local\{67FD3A5B-F2AD-4069-8284-252F81848DE9}
2011-03-02 10:55:57 -------- d-----w- C:\Users\Andrew\AppData\Local\{64DA7E7E-EED8-4A6C-8E7E-7810909BCE7E}
2011-03-01 22:03:27 -------- d-----w- C:\Users\Andrew\AppData\Local\{4B8F43AF-62FA-4561-A350-886249EBFCA6}
2011-03-01 10:02:37 -------- d-----w- C:\Users\Andrew\AppData\Local\{E2FA3683-54B7-4C8F-A725-BA38301C4255}
2011-02-28 22:06:05 -------- d-----w- C:\Users\Andrew\AppData\Local\{8C72B306-0C66-49CC-A83B-463E10BF6E84}
.
==================== Find3M ====================
.
2011-03-28 18:09:30 5642 --sha-w- C:\PROGRA~3\KGyGaAvL.sys
2011-02-18 16:36:58 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2011-02-18 16:36:58 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll
2011-02-02 21:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-02-02 17:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
2011-01-13 08:47:35 38848 ----a-w- C:\Windows\avastSS.scr
2011-01-13 08:37:23 62032 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-01-07 08:07:24 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-01-07 08:07:24 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 07:31:10 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-01-07 07:31:10 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 16:06:11.65 ===============
------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:42:21, on 30/03/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Corel File Shell Monitor] c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
O4 - HKLM\..\Run: [Standby] "c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://www.tescophoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10461 bytes
-----------------------------------------------------------------------------------------------------------------------
Another log created by a friend of mine looks like this:
hxxp://www.google.co.uk/url?sa=T&source=web&cd=1&ved=0CBoQFjAA&url=http%3A%2F%2Fotvet.mail.ru%2Fquestion%2F35586319%2F&ei=TxuSTaGYEZCzhAfrx_CYDw
GET /url?sa=T&source=web&cd=1&ved=0CBoQFjAA&url=http%3A%2F%2Fotvet.mail.ru%2Fquestion%2F35586319%2F&ei=TxuSTaGYEZCzhAfrx_CYDw HTTP/1.1
Host: www.google.co.uk
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://www.google.co.uk/search?q=kjhbdfk&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-GB:official&client=firefox-a
Cookie: PREF=ID=45e2006b59bb8df1:U=29ee2222d73fc83f:FF=0:TM=1301418947:LM=1301419071:S=SOyDwSVL5DlVvhuW; NID=45=rC10KHxuWnTitDHE14H3MoYOCKvahDmThe9Hso1OjKW_KoO5eJ-Mn5_6B6NFi-Wvyv7jrwspjyiPFgEGGlCN2smva-D5OYRjqMrbu2pbVh6FEB6lYfUsr51qUgEZIc-9
HTTP/1.1 204 No Content
Date: Tue, 29 Mar 2011 17:48:08 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=UTF-8
Server: gws
Content-Length: 0
X-XSS-Protection: 1; mode=block
----------------------------------------------------------
hxxp://otvet.mail.ru/question/35586319/
GET /question/35586319/ HTTP/1.1
Host: otvet.mail.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://www.google.co.uk/search?q=kjhbdfk&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-GB:official&client=firefox-a
HTTP/1.1 302 Moved Temporarily
Location: hxxp://www.goingonearth.com/search.php?q=kjhbdfk&n=1301420882
Connection: close
Cache-Control: no-cache
----------------------------------------------------------
hxxp://www.goingonearth.com/search.php?q=kjhbdfk&n=1301420882
GET /search.php?q=kjhbdfk&n=1301420882 HTTP/1.1
Host: www.goingonearth.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://www.google.co.uk/search?q=kjhbdfk&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-GB:official&client=firefox-a
Cookie: F8291210=1
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 2661
Connection: close
----------------------------------------------------------
hxxp://64.111.211.161/c.php?s=eNot0ktzokAUBeAfRJXpN_TCBRjUECUqishmqpumVYTgAxWo_vExM1O36pzNtzu3MJBj236lmT-HQwMGACDM_zUxCEAIMOIQE5tyI9C53lWrSvxSBQXlObUpRorbOVTaoS-fOZpQhin-k6scUkGltrWDbCwolLZmucMyIQhi3CBmkMnDevxUzX1fuK4bjvQ2efqHaLJpozbz5h-uWC13j3F8v8a9EOn0Ai0n699PfZqeYBRccnDegILn7w0NNwBU1qn8vndhd5tMJ-dJph_5cQ2fi4maFTh_uEzU9XRRrIv65JaNYN5m6wZLdiizbTIO5H6c2PM0vlzazfHWVn3EOSLjKRc3upsWYqF8ptZn5S2-LNWMU7buxOU9QvoQNNd9c1Dxyi-XMqroWbYZnnvnwgZduAxTJ1Qb6q4tVLMG2uU9a8Mv-oj72wpfuzXgxJrvQ73_ZvzLL9t0WgWu1yXd0TqUz2Df4OpowSMZBe4bO7UzesI3r4vaqPkkn_M1leWlfkYr_5Nj6G681K2twh35gHZxX4gRbFPZEJyA6_gjTPu4I2U9exvt-2TltLcbUF0gT_YsOrxVU-5yOlGNPzQOG0BngAaQQWMYGUAOBxDRAcTYAPNaTmGFZ1V62KH4KBG_zqrwIZe_T_T3DP4v1ENs6bdEtNwlARAjWkgEhkYzjlAmmCAOzbHDMCOCQKmpDaDDhDbsxZjkGeOOzHSWSyIUcjAU2FZKI_0D6UTdsg
POST /c.php?s=eNot0ktzokAUBeAfRJXpN_TCBRjUECUqishmqpumVYTgAxWo_vExM1O36pzNtzu3MJBj236lmT-HQwMGACDM_zUxCEAIMOIQE5tyI9C53lWrSvxSBQXlObUpRorbOVTaoS-fOZpQhin-k6scUkGltrWDbCwolLZmucMyIQhi3CBmkMnDevxUzX1fuK4bjvQ2efqHaLJpozbz5h-uWC13j3F8v8a9EOn0Ai0n699PfZqeYBRccnDegILn7w0NNwBU1qn8vndhd5tMJ-dJph_5cQ2fi4maFTh_uEzU9XRRrIv65JaNYN5m6wZLdiizbTIO5H6c2PM0vlzazfHWVn3EOSLjKRc3upsWYqF8ptZn5S2-LNWMU7buxOU9QvoQNNd9c1Dxyi-XMqroWbYZnnvnwgZduAxTJ1Qb6q4tVLMG2uU9a8Mv-oj72wpfuzXgxJrvQ73_ZvzLL9t0WgWu1yXd0TqUz2Df4OpowSMZBe4bO7UzesI3r4vaqPkkn_M1leWlfkYr_5Nj6G681K2twh35gHZxX4gRbFPZEJyA6_gjTPu4I2U9exvt-2TltLcbUF0gT_YsOrxVU-5yOlGNPzQOG0BngAaQQWMYGUAOBxDRAcTYAPNaTmGFZ1V62KH4KBG_zqrwIZe_T_T3DP4v1ENs6bdEtNwlARAjWkgEhkYzjlAmmCAOzbHDMCOCQKmpDaDDhDbsxZjkGeOOzHSWSyIUcjAU2FZKI_0D6UTdsg HTTP/1.1
Host: 64.111.211.161
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://www.goingonearth.com/search.php?q=kjhbdfk&n=1301420882
Cookie: uid=b0467d3e94d19d9181864e166fefd75c
Content-Type: application/x-www-form-urlencoded
Content-Length: 0
HTTP/1.1 302 Moved Temporarily
Server: nginx/0.7.65
Date: Tue, 29 Mar 2011 17:48:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Location: hxxp://64.111.211.155/c.php?re=1&r=eNot0ktzokAUBeAfRJXpN_TCBRjUECUqishmqpumVYTgAxWo_vExM1O36pzNtzu3MJBj236lmT-HQwMGACDM_zUxCEAIMOIQE5tyI9C53lWrSvxSBQXlObUpRorbOVTaoS-fOZpQhin-k6scUkGltrWDbCwolLZmucMyIQhi3CBmkMnDevxUzX1fuK4bjvQ2efqHaLJpozbz5h-uWC13j3F8v8a9EOn0Ai0n699PfZqeYBRccnDegILn7w0NNwBU1qn8vndhd5tMJ-dJph_5cQ2fi4maFTh_uEzU9XRRrIv65JaNYN5m6wZLdiizbTIO5H6c2PM0vlzazfHWVn3EOSLjKRc3upsWYqF8ptZn5S2-LNWMU7buxOU9QvoQNNd9c1Dxyi-XMqroWbYZnnvnwgZduAxTJ1Qb6q4tVLMG2uU9a8Mv-oj72wpfuzXgxJrvQ73_ZvzLL9t0WgWu1yXd0TqUz2Df4OpowSMZBe4bO7UzesI3r4vaqPkkn_M1leWlfkYr_5Nj6G681K2twh35gHZxX4gRbFPZEJyA6_gjTPu4I2U9exvt-2TltLcbUF0gT_YsOrxVU-5yOlGNPzQOG0BngAaQQWMYGUAOBxDRAcTYAPNaTmGFZ1V62KH4KBG_zqrwIZe_T_T3DP4v1ENs6bdEtNwlARAjWkgEhkYzjlAmmCAOzbHDMCOCQKmpDaDDhDbsxZjkGeOOzHSWSyIUcjAU2FZKI_0D6UTdsg&u=7492508ca732052044b44c25f4e61a2f&cid=b0467d3e94d19d9181864e166fefd75c&rc=0&pa=&ref1=&ref2=
----------------------------------------------------------
hxxp://64.111.211.155/c.php?re=1&r=eNot0ktzokAUBeAfRJXpN_TCBRjUECUqishmqpumVYTgAxWo_vExM1O36pzNtzu3MJBj236lmT-HQwMGACDM_zUxCEAIMOIQE5tyI9C53lWrSvxSBQXlObUpRorbOVTaoS-fOZpQhin-k6scUkGltrWDbCwolLZmucMyIQhi3CBmkMnDevxUzX1fuK4bjvQ2efqHaLJpozbz5h-uWC13j3F8v8a9EOn0Ai0n699PfZqeYBRccnDegILn7w0NNwBU1qn8vndhd5tMJ-dJph_5cQ2fi4maFTh_uEzU9XRRrIv65JaNYN5m6wZLdiizbTIO5H6c2PM0vlzazfHWVn3EOSLjKRc3upsWYqF8ptZn5S2-LNWMU7buxOU9QvoQNNd9c1Dxyi-XMqroWbYZnnvnwgZduAxTJ1Qb6q4tVLMG2uU9a8Mv-oj72wpfuzXgxJrvQ73_ZvzLL9t0WgWu1yXd0TqUz2Df4OpowSMZBe4bO7UzesI3r4vaqPkkn_M1leWlfkYr_5Nj6G681K2twh35gHZxX4gRbFPZEJyA6_gjTPu4I2U9exvt-2TltLcbUF0gT_YsOrxVU-5yOlGNPzQOG0BngAaQQWMYGUAOBxDRAcTYAPNaTmGFZ1V62KH4KBG_zqrwIZe_T_T3DP4v1ENs6bdEtNwlARAjWkgEhkYzjlAmmCAOzbHDMCOCQKmpDaDDhDbsxZjkGeOOzHSWSyIUcjAU2FZKI_0D6UTdsg&u=7492508ca732052044b44c25f4e61a2f&cid=b0467d3e94d19d9181864e166fefd75c&rc=0&pa=&ref1=&ref2=
GET /c.php?re=1&r=eNot0ktzokAUBeAfRJXpN_TCBRjUECUqishmqpumVYTgAxWo_vExM1O36pzNtzu3MJBj236lmT-HQwMGACDM_zUxCEAIMOIQE5tyI9C53lWrSvxSBQXlObUpRorbOVTaoS-fOZpQhin-k6scUkGltrWDbCwolLZmucMyIQhi3CBmkMnDevxUzX1fuK4bjvQ2efqHaLJpozbz5h-uWC13j3F8v8a9EOn0Ai0n699PfZqeYBRccnDegILn7w0NNwBU1qn8vndhd5tMJ-dJph_5cQ2fi4maFTh_uEzU9XRRrIv65JaNYN5m6wZLdiizbTIO5H6c2PM0vlzazfHWVn3EOSLjKRc3upsWYqF8ptZn5S2-LNWMU7buxOU9QvoQNNd9c1Dxyi-XMqroWbYZnnvnwgZduAxTJ1Qb6q4tVLMG2uU9a8Mv-oj72wpfuzXgxJrvQ73_ZvzLL9t0WgWu1yXd0TqUz2Df4OpowSMZBe4bO7UzesI3r4vaqPkkn_M1leWlfkYr_5Nj6G681K2twh35gHZxX4gRbFPZEJyA6_gjTPu4I2U9exvt-2TltLcbUF0gT_YsOrxVU-5yOlGNPzQOG0BngAaQQWMYGUAOBxDRAcTYAPNaTmGFZ1V62KH4KBG_zqrwIZe_T_T3DP4v1ENs6bdEtNwlARAjWkgEhkYzjlAmmCAOzbHDMCOCQKmpDaDDhDbsxZjkGeOOzHSWSyIUcjAU2FZKI_0D6UTdsg&u=7492508ca732052044b44c25f4e61a2f&cid=b0467d3e94d19d9181864e166fefd75c&rc=0&pa=&ref1=&ref2= HTTP/1.1
Host: 64.111.211.155
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://www.goingonearth.com/search.php?q=kjhbdfk&n=1301420882
HTTP/1.1 302 Moved Temporarily
Server: nginx/0.8.54
Date: Tue, 29 Mar 2011 17:48:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Location: hxxp://pda.mv.bidsystem.com/bin/findwhat.dll?clickthrough&y=52594&x=7Qpx508aPxAx9ooF8t2whYijHt2BdD2ZUY2WUBpdXozBHFo7b:khQO1vawmf7ouxpF;1LS2fFoN3oMAKN5ncWxAfoxLZ59Pj3VAWj:UkQVGmsH35GpkcVi9goBLZgDrUVVMQ8rzD5OitdzNO6BEp8hTHgwTCNWEpVYa9QluZGYQFP99BeVN7GhxDa9iqoCmuUFmpK9NM3iPMWWxSr:AadhiJawo1gH9aUNQElx9JQ:nuUD8HeBx0p6MwlFAY3Jn3LCMc5HGLU:DGapi0VCQpuNSCeJ7$A
----------------------------------------------------------
hxxp://pda.mv.bidsystem.com/bin/findwhat.dll?clickthrough&y=52594&x=7Qpx508aPxAx9ooF8t2whYijHt2BdD2ZUY2WUBpdXozBHFo7b:khQO1vawmf7ouxpF;1LS2fFoN3oMAKN5ncWxAfoxLZ59Pj3VAWj:UkQVGmsH35GpkcVi9goBLZgDrUVVMQ8rzD5OitdzNO6BEp8hTHgwTCNWEpVYa9QluZGYQFP99BeVN7GhxDa9iqoCmuUFmpK9NM3iPMWWxSr:AadhiJawo1gH9aUNQElx9JQ:nuUD8HeBx0p6MwlFAY3Jn3LCMc5HGLU:DGapi0VCQpuNSCeJ7$A
GET /bin/findwhat.dll?clickthrough&y=52594&x=7Qpx508aPxAx9ooF8t2whYijHt2BdD2ZUY2WUBpdXozBHFo7b:khQO1vawmf7ouxpF;1LS2fFoN3oMAKN5ncWxAfoxLZ59Pj3VAWj:UkQVGmsH35GpkcVi9goBLZgDrUVVMQ8rzD5OitdzNO6BEp8hTHgwTCNWEpVYa9QluZGYQFP99BeVN7GhxDa9iqoCmuUFmpK9NM3iPMWWxSr:AadhiJawo1gH9aUNQElx9JQ:nuUD8HeBx0p6MwlFAY3Jn3LCMc5HGLU:DGapi0VCQpuNSCeJ7$A HTTP/1.1
Host: pda.mv.bidsystem.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://www.goingonearth.com/search.php?q=kjhbdfk&n=1301420882
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=iso-8859-1
Location: hxxp://pda.mv.bidsystem.com/bin/findwhat.dll?clickthrough&y=52594&x=TWUEVNdyBZ7Eu6Dp5GWvRAhZGcWepuWdiAW97FUKhxkea2DGzAZ;AsRIP6VJT6bEy2KCXaWJo6HBsW7RG86bNd7JsZLdVlxZVG797gY2AcJg4m01rLZbZRSuWFLd9uemZc1X9ukqVshSpVH0ZFuP5jaT96aDaouPZA:5ACbdpgfpBlSe1cHGpwpqPlhLswVs7NVP;lHtwRxtNopOog7ypjhf;xDC9FSyidfFAdSfAg6siudTBFpHyJ1v627UV86BXw1bVFJA7AToPLhHZwfPXd9D1mfWBxRD0&c=75024305%2D0E65%2D4D4A%2DA593%2D5D703FD3F3CF&cid=6FED8454%2D6F5B%2D4530%2DAB7C%2D6F4443D2555F
Server: Microsoft-IIS/7.0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-AspNet-Version: 2.0.50727
Set-Cookie: mv_affiliate_id=52594; domain=.bidsystem.com; expires=Tue, 29-Mar-2011 17:48:10 GMT; path=/
Set-Cookie: mv_subaffiliate_id=19377-3; domain=.bidsystem.com; expires=Tue, 29-Mar-2011 17:48:10 GMT; path=/
Set-Cookie: mv_customer_id=217416; domain=.bidsystem.com; expires=Tue, 29-Mar-2011 17:48:10 GMT; path=/
Set-Cookie: mv_click_id=75024305-0E65-4D4A-A593-5D703FD3F3CF; domain=.bidsystem.com; expires=Tue, 29-Mar-2011 17:48:10 GMT; path=/
Set-Cookie: as=259964663cb04bfbae91c4201b18144d; domain=.bidsystem.com; expires=Wed, 28-Mar-2012 17:48:10 GMT; path=/
X-Powered-By: ASP.NET
Date: Tue, 29 Mar 2011 17:48:09 GMT
Content-Length: 586
----------------------------------------------------------
hxxp://pda.mv.bidsystem.com/bin/findwhat.dll?clickthrough&y=52594&x=TWUEVNdyBZ7Eu6Dp5GWvRAhZGcWepuWdiAW97FUKhxkea2DGzAZ;AsRIP6VJT6bEy2KCXaWJo6HBsW7RG86bNd7JsZLdVlxZVG797gY2AcJg4m01rLZbZRSuWFLd9uemZc1X9ukqVshSpVH0ZFuP5jaT96aDaouPZA:5ACbdpgfpBlSe1cHGpwpqPlhLswVs7NVP;lHtwRxtNopOog7ypjhf;xDC9FSyidfFAdSfAg6siudTBFpHyJ1v627UV86BXw1bVFJA7AToPLhHZwfPXd9D1mfWBxRD0&c=75024305%2D0E65%2D4D4A%2DA593%2D5D703FD3F3CF&cid=6FED8454%2D6F5B%2D4530%2DAB7C%2D6F4443D2555F
GET /bin/findwhat.dll?clickthrough&y=52594&x=TWUEVNdyBZ7Eu6Dp5GWvRAhZGcWepuWdiAW97FUKhxkea2DGzAZ;AsRIP6VJT6bEy2KCXaWJo6HBsW7RG86bNd7JsZLdVlxZVG797gY2AcJg4m01rLZbZRSuWFLd9uemZc1X9ukqVshSpVH0ZFuP5jaT96aDaouPZA:5ACbdpgfpBlSe1cHGpwpqPlhLswVs7NVP;lHtwRxtNopOog7ypjhf;xDC9FSyidfFAdSfAg6siudTBFpHyJ1v627UV86BXw1bVFJA7AToPLhHZwfPXd9D1mfWBxRD0&c=75024305%2D0E65%2D4D4A%2DA593%2D5D703FD3F3CF&cid=6FED8454%2D6F5B%2D4530%2DAB7C%2D6F4443D2555F HTTP/1.1
Host: pda.mv.bidsystem.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://www.goingonearth.com/search.php?q=kjhbdfk&n=1301420882
Cookie: mv_affiliate_id=52594; mv_subaffiliate_id=19377-3; mv_customer_id=217416; mv_click_id=75024305-0E65-4D4A-A593-5D703FD3F3CF; as=259964663cb04bfbae91c4201b18144d
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=iso-8859-1
Location: hxxp://network.adsmarket.com/click/jWNqnWXKf5SRYmrEXsp6w4lqcJteon_DjGlwmWXKfJaMaGrEX516m49i&?dp=58
Server: Microsoft-IIS/7.0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-AspNet-Version: 2.0.50727
Set-Cookie: mv_affiliate_id=52594; domain=.bidsystem.com; expires=Tue, 29-Mar-2011 17:48:10 GMT; path=/
Set-Cookie: mv_subaffiliate_id=19377-3; domain=.bidsystem.com; expires=Tue, 29-Mar-2011 17:48:10 GMT; path=/
Set-Cookie: mv_customer_id=217416; domain=.bidsystem.com; expires=Tue, 29-Mar-2011 17:48:10 GMT; path=/
Set-Cookie: mv_click_id=75024305-0E65-4D4A-A593-5D703FD3F3CF; domain=.bidsystem.com; expires=Tue, 29-Mar-2011 17:48:10 GMT; path=/
Set-Cookie: as=259964663cb04bfbae91c4201b18144d; domain=.bidsystem.com; expires=Wed, 28-Mar-2012 17:48:10 GMT; path=/
X-Powered-By: ASP.NET
Date: Tue, 29 Mar 2011 17:48:09 GMT
Content-Length: 219
----------------------------------------------------------
hxxp://network.adsmarket.com/click/jWNqnWXKf5SRYmrEXsp6w4lqcJteon_DjGlwmWXKfJaMaGrEX516m49i&?dp=58
GET /click/jWNqnWXKf5SRYmrEXsp6w4lqcJteon_DjGlwmWXKfJaMaGrEX516m49i&?dp=58 HTTP/1.1
Host: network.adsmarket.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://www.goingonearth.com/search.php?q=kjhbdfk&n=1301420882
HTTP/1.1 302 Found
Date: Tue, 29 Mar 2011 17:48:10 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Set-Cookie: PHPSESSID=mv2e7qvqqnk04evc2u722sme12; path=/
Set-Cookie: ce-visitor-imNtnF8=iGFv3YWgr96ZmmyeX-WTvKZ1cctltZ2YxIJplV6bepQ; expires=Thu, 28-Apr-2011 17:48:10 GMT; path=/; domain=network.adsmarket.com
Set-Cookie: ce-click-iWZvlWKde8OJZW2ZXp16nJFo=iWZvlWKde8OJZW2ZXp16nJFo; expires=Wed, 30-Mar-2011 17:48:10 GMT; path=/; domain=network.adsmarket.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: hxxp://go2zynga.com/aff_c?offer_id=63&aff_id=31&aff_sub=52187&ce_cid=006xW5ezAi391zIXND8f7JS4lQ000000
P3P: policyref="/w3c/p3p.xml", CP="NOI DEV PSA PSD IVA OTP OUR OTR IND OTC"
Content-Length: 4
Connection: close
Content-Type: text/html; charset=UTF-8
----------------------------------------------------------
hxxp://go2zynga.com/aff_c?offer_id=63&aff_id=31&aff_sub=52187&ce_cid=006xW5ezAi391zIXND8f7JS4lQ000000
GET /aff_c?offer_id=63&aff_id=31&aff_sub=52187&ce_cid=006xW5ezAi391zIXND8f7JS4lQ000000 HTTP/1.1
Host: go2zynga.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://www.goingonearth.com/search.php?q=kjhbdfk&n=1301420882
HTTP/1.1 302 Found
Date: Tue, 29 Mar 2011 17:48:10 GMT
Server: Apache/2.2.14 (Unix) mod_apreq2-20051231/2.6.0
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
Location: hxxp://apps.facebook.com/cityville/tracks.php?src=ads&aff=31&crt=CV_Acq_IntlTier1_Eng-Speaking_20101112_UK
Set-Cookie: aff_session_63=4-8618216163110329-31-63-0-0-0-0-UK-2-_-52187-_-_-_-1-86.18.2.161-20110329134810-http%3A%2F%2Fwww.goingonearth.com%2Fsearch.php%3Fq%3Dkjhbdfk%26n%3D1301420882-; expires=Wed, 30 Mar 2011 17:48:10 GMT; path=/;
P3P: CP="NOI DEVa TAIa OUR BUS"
Content-Length: 298
Connection: close
Content-Type: text/html; charset=iso-8859-1
----------------------------------------------------------
hxxp://apps.facebook.com/cityville/tracks.php?src=ads&aff=31&crt=CV_Acq_IntlTier1_Eng-Speaking_20101112_UK
GET /cityville/tracks.php?src=ads&aff=31&crt=CV_Acq_IntlTier1_Eng-Speaking_20101112_UK HTTP/1.1
Host: apps.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://www.goingonearth.com/search.php?q=kjhbdfk&n=1301420882
HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: hxxp://fb.me/p3p"
Pragma: no-cache
Set-Cookie: datr=WxuSTQIX5aMoiqg1qfmWBxd2; expires=Thu, 28-Mar-2013 17:48:11 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=8Hucm; path=/; domain=.facebook.com
Set-Cookie: reg_ext_ref=http%3A%2F%2Fwww.goingonearth.com%2Fsearch.php%3Fq%3Dkjhbdfk%26n%3D1301420882; path=/; domain=.facebook.com
Set-Cookie: reg_fb_gate=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; path=/; domain=.facebook.com
Set-Cookie: reg_fb_ref=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; path=/; domain=.facebook.com
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.36.248.102
X-Cnection: close
Transfer-Encoding: chunked
Date: Tue, 29 Mar 2011 17:48:11 GMT
----------------------------------------------------------
hxxp://static.ak.fbcdn.net/rsrc.php/v1/y4/r/oCUXctprNJz.css
GET /rsrc.php/v1/y4/r/oCUXctprNJz.css HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/css,*/*;q=0.1
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://apps.facebook.com/cityville/tracks.php?src=ads&aff=31&crt=CV_Acq_IntlTier1_Eng-Speaking_20101112_UK
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Sun, 21 Mar 2010 12:04:50 -0700
Content-Encoding: gzip
X-FB-Server: 10.30.146.199
X-Cnection: close
Content-Length: 3328
Vary: Accept-Encoding
Cache-Control: public, max-age=30849354
Expires: Tue, 20 Mar 2012 19:04:05 GMT
Date: Tue, 29 Mar 2011 17:48:11 GMT
Connection: keep-alive
----------------------------------------------------------
hxxp://static.ak.fbcdn.net/rsrc.php/v1/ye/r/3pIQ1RDUIxC.css
GET /rsrc.php/v1/ye/r/3pIQ1RDUIxC.css HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/css,*/*;q=0.1
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://apps.facebook.com/cityville/tracks.php?src=ads&aff=31&crt=CV_Acq_IntlTier1_Eng-Speaking_20101112_UK
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Sun, 14 Mar 2010 12:46:51 -0700
Content-Encoding: gzip
X-Powered-By: HPHP
X-FB-Server: 10.138.64.184
Content-Length: 1670
Vary: Accept-Encoding
Cache-Control: public, max-age=30247187
Expires: Tue, 13 Mar 2012 19:47:58 GMT
Date: Tue, 29 Mar 2011 17:48:11 GMT
Connection: keep-alive
----------------------------------------------------------
hxxp://static.ak.fbcdn.net/rsrc.php/v1/yp/r/kk8dc2UJYJ4.png
GET /rsrc.php/v1/yp/r/kk8dc2UJYJ4.png HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://apps.facebook.com/cityville/tracks.php?src=ads&aff=31&crt=CV_Acq_IntlTier1_Eng-Speaking_20101112_UK
HTTP/1.1 200 OK
Content-Length: 2209
Content-Type: image/png
Last-Modified: Sat, 01 Jan 2000 00:00:00 GMT
X-Cnection: close
Cache-Control: public, max-age=27851807
Expires: Wed, 15 Feb 2012 02:24:58 GMT
Date: Tue, 29 Mar 2011 17:48:11 GMT
Connection: keep-alive
----------------------------------------------------------
hxxp://static.ak.fbcdn.net/rsrc.php/v1/yA/r/u0-QgHvi8pN.css
GET /rsrc.php/v1/yA/r/u0-QgHvi8pN.css HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/css,*/*;q=0.1
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://apps.facebook.com/cityville/tracks.php?src=ads&aff=31&crt=CV_Acq_IntlTier1_Eng-Speaking_20101112_UK
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Sun, 14 Mar 2010 12:51:58 -0700
Content-Encoding: gzip
X-Powered-By: HPHP
X-FB-Server: 10.30.147.194
X-Cnection: close
Content-Length: 3411
Vary: Accept-Encoding
Cache-Control: public, max-age=30247365
Expires: Tue, 13 Mar 2012 19:50:56 GMT
Date: Tue, 29 Mar 2011 17:48:11 GMT
Connection: keep-alive
----------------------------------------------------------
hxxp://static.ak.fbcdn.net/rsrc.php/v1/yW/r/r8tt3gFbIQr.css
GET /rsrc.php/v1/yW/r/r8tt3gFbIQr.css HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/css,*/*;q=0.1
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://apps.facebook.com/cityville/tracks.php?src=ads&aff=31&crt=CV_Acq_IntlTier1_Eng-Speaking_20101112_UK
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 22 Mar 2010 19:08:55 -0700
Content-Encoding: gzip
X-FB-Server: 10.30.148.193
X-Cnection: close
Content-Length: 12737
Vary: Accept-Encoding
Cache-Control: public, max-age=30961146
Expires: Thu, 22 Mar 2012 02:07:17 GMT
Date: Tue, 29 Mar 2011 17:48:11 GMT
Connection: keep-alive
----------------------------------------------------------
hxxp://static.ak.connect.facebook.com/connect.php/en_GB
GET /connect.php/en_GB HTTP/1.1
Host: static.ak.connect.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: */*
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://apps.facebook.com/cityville/tracks.php?src=ads&aff=31&crt=CV_Acq_IntlTier1_Eng-Speaking_20101112_UK
Cookie: datr=WxuSTQIX5aMoiqg1qfmWBxd2; lsd=8Hucm; reg_ext_ref=http%3A%2F%2Fwww.goingonearth.com%2Fsearch.php%3Fq%3Dkjhbdfk%26n%3D1301420882; reg_fb_gate=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; reg_fb_ref=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK
HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Etag: "4326d1e5cb460f5e7ac41c5c0eba347a"
Content-Encoding: gzip
X-FB-Server: 10.27.3.126
X-Cnection: close
Content-Length: 6502
Vary: Accept-Encoding
Cache-Control: public, max-age=130
Expires: Tue, 29 Mar 2011 17:50:21 GMT
Date: Tue, 29 Mar 2011 17:48:11 GMT
Connection: keep-alive
X-Antivirus: avast! 4
X-Antivirus-Status: Clean
----------------------------------------------------------
hxxp://static.ak.fbcdn.net/rsrc.php/v1/y-/r/jDl2O6ZuAyq.js
GET /rsrc.php/v1/y-/r/jDl2O6ZuAyq.js HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: */*
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://apps.facebook.com/cityville/tracks.php?src=ads&aff=31&crt=CV_Acq_IntlTier1_Eng-Speaking_20101112_UK
HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 22 Mar 2010 11:51:15 -0700
Content-Encoding: gzip
X-FB-Server: 10.30.146.197
X-Cnection: close
Content-Length: 11565
Vary: Accept-Encoding
Cache-Control: public, max-age=30934968
Expires: Wed, 21 Mar 2012 18:50:59 GMT
Date: Tue, 29 Mar 2011 17:48:11 GMT
Connection: keep-alive
X-Antivirus: avast! 4
X-Antivirus-Status: Clean
----------------------------------------------------------
hxxp://static.ak.fbcdn.net/rsrc.php/v1/zD/r/B4K_BWwP7P5.png
GET /rsrc.php/v1/zD/r/B4K_BWwP7P5.png HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://static.ak.fbcdn.net/rsrc.php/v1/yW/r/r8tt3gFbIQr.css
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Sun, 14 Mar 2010 12:46:52 -0700
Content-Encoding: gzip
X-Powered-By: HPHP
X-FB-Server: 10.138.64.183
Content-Length: 853
Vary: Accept-Encoding
Cache-Control: public, max-age=30247012
Expires: Tue, 13 Mar 2012 19:45:03 GMT
Date: Tue, 29 Mar 2011 17:48:11 GMT
Connection: keep-alive
----------------------------------------------------------
hxxp://static.ak.connect.facebook.com/connect.php/en_GB/js/CacheData
GET /connect.php/en_GB/js/CacheData HTTP/1.1
Host: static.ak.connect.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: */*
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://apps.facebook.com/cityville/tracks.php?src=ads&aff=31&crt=CV_Acq_IntlTier1_Eng-Speaking_20101112_UK
Cookie: datr=WxuSTQIX5aMoiqg1qfmWBxd2; lsd=8Hucm; reg_ext_ref=http%3A%2F%2Fwww.goingonearth.com%2Fsearch.php%3Fq%3Dkjhbdfk%26n%3D1301420882; reg_fb_gate=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; reg_fb_ref=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK
HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Etag: "c98d28fb7f99ad46aac8884cc195d814"
Content-Encoding: gzip
X-FB-Server: 10.32.182.114
X-Cnection: close
Content-Length: 19335
Cache-Control: public, max-age=1169
Expires: Tue, 29 Mar 2011 18:07:40 GMT
Date: Tue, 29 Mar 2011 17:48:11 GMT
Connection: keep-alive
Vary: Accept-Encoding
X-Antivirus: avast! 4
X-Antivirus-Status: Clean
----------------------------------------------------------
hxxp://photos-f.ak.fbcdn.net/photos-ak-snc1/v27562/71/291549705119/app_2_291549705119_3378.gif
GET /photos-ak-snc1/v27562/71/291549705119/app_2_291549705119_3378.gif HTTP/1.1
Host: photos-f.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 1035
Last-Modified: Tue, 16 Nov 2010 00:08:24 GMT
Accept-Ranges: bytes
X-N: S
Date: Tue, 29 Mar 2011 17:48:11 GMT
Connection: keep-alive
Cache-Control: max-age=1209600
----------------------------------------------------------
hxxp://static.ak.fbcdn.net/rsrc.php/v1/yZ/r/ijnRamAy6bi.js
GET /rsrc.php/v1/yZ/r/ijnRamAy6bi.js HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: */*
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://apps.facebook.com/cityville/tracks.php?src=ads&aff=31&crt=CV_Acq_IntlTier1_Eng-Speaking_20101112_UK
HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Sun, 21 Mar 2010 11:58:37 -0700
Content-Encoding: gzip
X-FB-Server: 10.138.69.185
Content-Length: 12565
Vary: Accept-Encoding
Cache-Control: public, max-age=30848931
Expires: Tue, 20 Mar 2012 18:57:03 GMT
Date: Tue, 29 Mar 2011 17:48:12 GMT
Connection: keep-alive
X-Antivirus: avast! 4
X-Antivirus-Status: Clean
----------------------------------------------------------
hxxp://static.ak.fbcdn.net/rsrc.php/v1/yd/r/joZW3ByQt4l.js
GET /rsrc.php/v1/yd/r/joZW3ByQt4l.js HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: */*
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://apps.facebook.com/cityville/tracks.php?src=ads&aff=31&crt=CV_Acq_IntlTier1_Eng-Speaking_20101112_UK
HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Tue, 23 Mar 2010 18:29:36 -0700
Content-Encoding: gzip
X-FB-Server: 10.138.69.184
Content-Length: 9093
Vary: Accept-Encoding
Cache-Control: public, max-age=31045266
Expires: Fri, 23 Mar 2012 01:29:18 GMT
Date: Tue, 29 Mar 2011 17:48:12 GMT
Connection: keep-alive
X-Antivirus: avast! 4
X-Antivirus-Status: Clean
----------------------------------------------------------
hxxp://static.ak.fbcdn.net/rsrc.php/v1/yX/r/zRa90Q7u7gU.js
GET /rsrc.php/v1/yX/r/zRa90Q7u7gU.js HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: */*
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://apps.facebook.com/cityville/tracks.php?src=ads&aff=31&crt=CV_Acq_IntlTier1_Eng-Speaking_20101112_UK
HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Tue, 23 Mar 2010 13:11:13 -0700
Content-Encoding: gzip
X-FB-Server: 10.138.16.185
Content-Length: 26158
Vary: Accept-Encoding
Cache-Control: public, max-age=31026168
Expires: Thu, 22 Mar 2012 20:11:00 GMT
Date: Tue, 29 Mar 2011 17:48:12 GMT
Connection: keep-alive
----------------------------------------------------------
hxxp://b.static.ak.fbcdn.net/rsrc.php/v1/yf/r/r5bpwwXlitT.js
GET /rsrc.php/v1/yf/r/r5bpwwXlitT.js HTTP/1.1
Host: b.static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: */*
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://apps.facebook.com/cityville/tracks.php?src=ads&aff=31&crt=CV_Acq_IntlTier1_Eng-Speaking_20101112_UK
HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Fri, 25 Mar 2011 21:24:12 GMT
Content-Encoding: gzip
X-FB-Server: 10.138.64.184
Content-Length: 2457
Vary: Accept-Encoding
Cache-Control: public, max-age=31203822
Expires: Sat, 24 Mar 2012 21:31:54 GMT
Date: Tue, 29 Mar 2011 17:48:12 GMT
Connection: keep-alive
X-Antivirus: avast! 4
X-Antivirus-Status: Clean
----------------------------------------------------------
hxxp://static.ak.fbcdn.net/rsrc.php/v1/yh/r/ffAr8hIZoP5.js
GET /rsrc.php/v1/yh/r/ffAr8hIZoP5.js HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: */*
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://apps.facebook.com/cityville/tracks.php?src=ads&aff=31&crt=CV_Acq_IntlTier1_Eng-Speaking_20101112_UK
HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Sun, 21 Mar 2010 21:53:04 -0700
Content-Encoding: gzip
X-FB-Server: 10.138.17.185
Content-Length: 36454
Vary: Accept-Encoding
Cache-Control: public, max-age=30884702
Expires: Wed, 21 Mar 2012 04:53:14 GMT
Date: Tue, 29 Mar 2011 17:48:12 GMT
Connection: keep-alive
----------------------------------------------------------
hxxp://static.ak.fbcdn.net/rsrc.php/v1/yf/r/fwecnuTvq06.js
GET /rsrc.php/v1/yf/r/fwecnuTvq06.js HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: */*
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://apps.facebook.com/cityville/tracks.php?src=ads&aff=31&crt=CV_Acq_IntlTier1_Eng-Speaking_20101112_UK
HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Fri, 25 Mar 2011 01:46:17 GMT
Content-Encoding: gzip
X-FB-Server: 10.30.148.193
X-Cnection: close
Content-Length: 30637
Vary: Accept-Encoding
Cache-Control: public, max-age=31134884
Expires: Sat, 24 Mar 2012 02:22:56 GMT
Date: Tue, 29 Mar 2011 17:48:12 GMT
Connection: keep-alive
----------------------------------------------------------
hxxp://fb-0.cityville.zynga.com/tracks.php?src=ads&aff=31&crt=CV_Acq_IntlTier1_Eng-Speaking_20101112_UK
POST /tracks.php?src=ads&aff=31&crt=CV_Acq_IntlTier1_Eng-Speaking_20101112_UK HTTP/1.1
Host: fb-0.cityville.zynga.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://apps.facebook.com/cityville/tracks.php?src=ads&aff=31&crt=CV_Acq_IntlTier1_Eng-Speaking_20101112_UK
Content-Type: application/x-www-form-urlencoded
Content-Length: 214
signed_request=5NuaUw58WVOYcnq6PJGDWG3U7mPJNVU5VaPvmzpKr6Q.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImlzc3VlZF9hdCI6MTMwMTQyMDg5MSwidXNlciI6eyJjb3VudHJ5IjoiZ2IiLCJsb2NhbGUiOiJlbl9HQiIsImFnZSI6eyJtaW4iOjAsIm1heCI6MTJ9fX0
HTTP/1.1 200 OK
Date: Tue, 29 Mar 2011 17:48:12 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.10
Content-Length: 486
Connection: close
Content-Type: text/html; charset=UTF-8
----------------------------------------------------------
hxxp://ocsp.digicert.com/
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 29 Mar 2011 17:48:12 GMT
Content-Type: application/ocsp-response
Connection: keep-alive
Expires: Mon, 04 Apr 2011 16:15:37 GMT
Cache-Control: max-age=518400, public, no-transform
Content-Length: 471
X-Antivirus: avast! 4
X-Antivirus-Status: Clean
----------------------------------------------------------
hxxp://ocsp.digicert.com/
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 29 Mar 2011 17:48:12 GMT
Content-Type: application/ocsp-response
Connection: close
Expires: Mon, 04 Apr 2011 17:03:20 GMT
Cache-Control: max-age=518400, public, no-transform
Content-Length: 1100
X-Antivirus: avast! 4
X-Antivirus-Status: Clean
----------------------------------------------------------
hxxps://www.facebook.com/login.php?api_key=291549705119&cancel_url=http%3A%2F%2Ffb-0.cityville.zynga.com%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK&display=page&fbconnect=1&next=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK&return_session=1&session_version=3&v=1.0&req_perms=email%2Cpublish_stream
GET /login.php?api_key=291549705119&cancel_url=http%3A%2F%2Ffb-0.cityville.zynga.com%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK&display=page&fbconnect=1&next=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK&return_session=1&session_version=3&v=1.0&req_perms=email%2Cpublish_stream HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxp://fb-0.cityville.zynga.com/tracks.php?src=ads&aff=31&crt=CV_Acq_IntlTier1_Eng-Speaking_20101112_UK
Cookie: datr=WxuSTQIX5aMoiqg1qfmWBxd2; lsd=8Hucm; reg_ext_ref=http%3A%2F%2Fwww.goingonearth.com%2Fsearch.php%3Fq%3Dkjhbdfk%26n%3D1301420882; reg_fb_gate=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; reg_fb_ref=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; x-referer=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%23%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK
HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: hxxp://fb.me/p3p"
Pragma: no-cache
Set-Cookie: datr=WxuSTQIX5aMoiqg1qfmWBxd2; expires=Thu, 28-Mar-2013 17:48:13 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_ext_ref=http%3A%2F%2Ffb-0.cityville.zynga.com%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; path=/; domain=.facebook.com
Set-Cookie: reg_fb_gate=https%3A%2F%2Fwww.facebook.com%2Flogin.php%3Fapi_key%3D291549705119%26cancel_url%3Dhttp%253A%252F%252Ffb-0.cityville.zynga.com%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26display%3Dpage%26fbconnect%3D1%26next%3Dhttp%253A%252F%252Fapps.facebook.com%252Fcityville%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26return_session%3D1%26session_version%3D3%26v%3D1.0%26req_perms%3Demail%252Cpublish_stream; path=/; domain=.facebook.com
Set-Cookie: reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Flogin.php%3Fapi_key%3D291549705119%26cancel_url%3Dhttp%253A%252F%252Ffb-0.cityville.zynga.com%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26display%3Dpage%26fbconnect%3D1%26next%3Dhttp%253A%252F%252Fapps.facebook.com%252Fcityville%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26return_session%3D1%26session_version%3D3%26v%3D1.0%26req_perms%3Demail%252Cpublish_stream; path=/; domain=.facebook.com
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.50.37
X-Cnection: close
Date: Tue, 29 Mar 2011 17:48:13 GMT
Content-Length: 6044
----------------------------------------------------------
hxxps://s-static.ak.facebook.com/rsrc.php/v1/yM/r/HJkijFx_6MU.css
GET /rsrc.php/v1/yM/r/HJkijFx_6MU.css HTTP/1.1
Host: s-static.ak.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/css,*/*;q=0.1
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxps://www.facebook.com/login.php?api_key=291549705119&cancel_url=http%3A%2F%2Ffb-0.cityville.zynga.com%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK&display=page&fbconnect=1&next=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK&return_session=1&session_version=3&v=1.0&req_perms=email%2Cpublish_stream
Cookie: datr=WxuSTQIX5aMoiqg1qfmWBxd2; lsd=8Hucm; reg_ext_ref=http%3A%2F%2Ffb-0.cityville.zynga.com%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; reg_fb_gate=https%3A%2F%2Fwww.facebook.com%2Flogin.php%3Fapi_key%3D291549705119%26cancel_url%3Dhttp%253A%252F%252Ffb-0.cityville.zynga.com%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26display%3Dpage%26fbconnect%3D1%26next%3Dhttp%253A%252F%252Fapps.facebook.com%252Fcityville%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26return_session%3D1%26session_version%3D3%26v%3D1.0%26req_perms%3Demail%252Cpublish_stream; reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Flogin.php%3Fapi_key%3D291549705119%26cancel_url%3Dhttp%253A%252F%252Ffb-0.cityville.zynga.com%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26display%3Dpage%26fbconnect%3D1%26next%3Dhttp%253A%252F%252Fapps.facebook.com%252Fcityville%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26return_session%3D1%26session_version%3D3%26v%3D1.0%26req_perms%3Demail%252Cpublish_stream; x-referer=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%23%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; wd=1366x568
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Sun, 21 Mar 2010 12:20:31 -0700
Content-Encoding: gzip
X-FB-Server: 10.138.16.181
X-Cnection: close
Content-Length: 2283
Vary: Accept-Encoding
Cache-Control: public, max-age=30850378
Expires: Tue, 20 Mar 2012 19:21:11 GMT
Date: Tue, 29 Mar 2011 17:48:13 GMT
Connection: keep-alive
----------------------------------------------------------
hxxps://s-static.ak.facebook.com/rsrc.php/v1/yh/r/mHbzNpflLi0.css
GET /rsrc.php/v1/yh/r/mHbzNpflLi0.css HTTP/1.1
Host: s-static.ak.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/css,*/*;q=0.1
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxps://www.facebook.com/login.php?api_key=291549705119&cancel_url=http%3A%2F%2Ffb-0.cityville.zynga.com%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK&display=page&fbconnect=1&next=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK&return_session=1&session_version=3&v=1.0&req_perms=email%2Cpublish_stream
Cookie: datr=WxuSTQIX5aMoiqg1qfmWBxd2; lsd=8Hucm; reg_ext_ref=http%3A%2F%2Ffb-0.cityville.zynga.com%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; reg_fb_gate=https%3A%2F%2Fwww.facebook.com%2Flogin.php%3Fapi_key%3D291549705119%26cancel_url%3Dhttp%253A%252F%252Ffb-0.cityville.zynga.com%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26display%3Dpage%26fbconnect%3D1%26next%3Dhttp%253A%252F%252Fapps.facebook.com%252Fcityville%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26return_session%3D1%26session_version%3D3%26v%3D1.0%26req_perms%3Demail%252Cpublish_stream; reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Flogin.php%3Fapi_key%3D291549705119%26cancel_url%3Dhttp%253A%252F%252Ffb-0.cityville.zynga.com%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26display%3Dpage%26fbconnect%3D1%26next%3Dhttp%253A%252F%252Fapps.facebook.com%252Fcityville%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26return_session%3D1%26session_version%3D3%26v%3D1.0%26req_perms%3Demail%252Cpublish_stream; x-referer=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%23%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; wd=1366x568
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Sun, 14 Mar 2010 12:57:59 -0700
Content-Encoding: gzip
X-Powered-By: HPHP
X-FB-Server: 10.138.17.185
X-Cnection: close
Content-Length: 3410
Vary: Accept-Encoding
Cache-Control: public, max-age=30247799
Expires: Tue, 13 Mar 2012 19:58:12 GMT
Date: Tue, 29 Mar 2011 17:48:13 GMT
Connection: keep-alive
----------------------------------------------------------
hxxps://s-static.ak.facebook.com/rsrc.php/v1/yW/r/vLk0dtgLuHU.css
GET /rsrc.php/v1/yW/r/vLk0dtgLuHU.css HTTP/1.1
Host: s-static.ak.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/css,*/*;q=0.1
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxps://www.facebook.com/login.php?api_key=291549705119&cancel_url=http%3A%2F%2Ffb-0.cityville.zynga.com%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK&display=page&fbconnect=1&next=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK&return_session=1&session_version=3&v=1.0&req_perms=email%2Cpublish_stream
Cookie: datr=WxuSTQIX5aMoiqg1qfmWBxd2; lsd=8Hucm; reg_ext_ref=http%3A%2F%2Ffb-0.cityville.zynga.com%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; reg_fb_gate=https%3A%2F%2Fwww.facebook.com%2Flogin.php%3Fapi_key%3D291549705119%26cancel_url%3Dhttp%253A%252F%252Ffb-0.cityville.zynga.com%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26display%3Dpage%26fbconnect%3D1%26next%3Dhttp%253A%252F%252Fapps.facebook.com%252Fcityville%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26return_session%3D1%26session_version%3D3%26v%3D1.0%26req_perms%3Demail%252Cpublish_stream; reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Flogin.php%3Fapi_key%3D291549705119%26cancel_url%3Dhttp%253A%252F%252Ffb-0.cityville.zynga.com%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26display%3Dpage%26fbconnect%3D1%26next%3Dhttp%253A%252F%252Fapps.facebook.com%252Fcityville%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26return_session%3D1%26session_version%3D3%26v%3D1.0%26req_perms%3Demail%252Cpublish_stream; x-referer=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%23%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; wd=1366x568
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Sun, 14 Mar 2010 12:52:19 -0700
Content-Encoding: gzip
X-Powered-By: HPHP
X-FB-Server: 10.138.17.182
X-Cnection: close
Content-Length: 1668
Vary: Accept-Encoding
Cache-Control: public, max-age=30247472
Expires: Tue, 13 Mar 2012 19:52:45 GMT
Date: Tue, 29 Mar 2011 17:48:13 GMT
Connection: keep-alive
----------------------------------------------------------
hxxps://s-static.ak.facebook.com/rsrc.php/v1/yZ/r/IzF9R71FmGH.css
GET /rsrc.php/v1/yZ/r/IzF9R71FmGH.css HTTP/1.1
Host: s-static.ak.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/css,*/*;q=0.1
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxps://www.facebook.com/login.php?api_key=291549705119&cancel_url=http%3A%2F%2Ffb-0.cityville.zynga.com%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK&display=page&fbconnect=1&next=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK&return_session=1&session_version=3&v=1.0&req_perms=email%2Cpublish_stream
Cookie: datr=WxuSTQIX5aMoiqg1qfmWBxd2; lsd=8Hucm; reg_ext_ref=http%3A%2F%2Ffb-0.cityville.zynga.com%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; reg_fb_gate=https%3A%2F%2Fwww.facebook.com%2Flogin.php%3Fapi_key%3D291549705119%26cancel_url%3Dhttp%253A%252F%252Ffb-0.cityville.zynga.com%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26display%3Dpage%26fbconnect%3D1%26next%3Dhttp%253A%252F%252Fapps.facebook.com%252Fcityville%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26return_session%3D1%26session_version%3D3%26v%3D1.0%26req_perms%3Demail%252Cpublish_stream; reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Flogin.php%3Fapi_key%3D291549705119%26cancel_url%3Dhttp%253A%252F%252Ffb-0.cityville.zynga.com%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26display%3Dpage%26fbconnect%3D1%26next%3Dhttp%253A%252F%252Fapps.facebook.com%252Fcityville%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26return_session%3D1%26session_version%3D3%26v%3D1.0%26req_perms%3Demail%252Cpublish_stream; x-referer=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%23%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; wd=1366x568
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 22 Mar 2010 19:07:46 -0700
Content-Encoding: gzip
X-FB-Server: 10.138.16.184
X-Cnection: close
Content-Length: 12728
Vary: Accept-Encoding
Cache-Control: public, max-age=30961294
Expires: Thu, 22 Mar 2012 02:09:47 GMT
Date: Tue, 29 Mar 2011 17:48:13 GMT
Connection: keep-alive
----------------------------------------------------------
hxxps://s-static.ak.facebook.com/rsrc.php/v1/yp/r/kk8dc2UJYJ4.png
GET /rsrc.php/v1/yp/r/kk8dc2UJYJ4.png HTTP/1.1
Host: s-static.ak.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxps://www.facebook.com/login.php?api_key=291549705119&cancel_url=http%3A%2F%2Ffb-0.cityville.zynga.com%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK&display=page&fbconnect=1&next=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK&return_session=1&session_version=3&v=1.0&req_perms=email%2Cpublish_stream
Cookie: datr=WxuSTQIX5aMoiqg1qfmWBxd2; lsd=8Hucm; reg_ext_ref=http%3A%2F%2Ffb-0.cityville.zynga.com%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; reg_fb_gate=https%3A%2F%2Fwww.facebook.com%2Flogin.php%3Fapi_key%3D291549705119%26cancel_url%3Dhttp%253A%252F%252Ffb-0.cityville.zynga.com%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26display%3Dpage%26fbconnect%3D1%26next%3Dhttp%253A%252F%252Fapps.facebook.com%252Fcityville%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26return_session%3D1%26session_version%3D3%26v%3D1.0%26req_perms%3Demail%252Cpublish_stream; reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Flogin.php%3Fapi_key%3D291549705119%26cancel_url%3Dhttp%253A%252F%252Ffb-0.cityville.zynga.com%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26display%3Dpage%26fbconnect%3D1%26next%3Dhttp%253A%252F%252Fapps.facebook.com%252Fcityville%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26return_session%3D1%26session_version%3D3%26v%3D1.0%26req_perms%3Demail%252Cpublish_stream; x-referer=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%23%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; wd=1366x568
HTTP/1.1 200 OK
Content-Length: 2209
Content-Type: image/png
Last-Modified: Sat, 01 Jan 2000 00:00:00 GMT
X-Cnection: close
Cache-Control: public, max-age=27852590
Expires: Wed, 15 Feb 2012 02:38:03 GMT
Date: Tue, 29 Mar 2011 17:48:13 GMT
Connection: keep-alive
----------------------------------------------------------
hxxps://s-static.ak.facebook.com/rsrc.php/v1/y-/r/jDl2O6ZuAyq.js
GET /rsrc.php/v1/y-/r/jDl2O6ZuAyq.js HTTP/1.1
Host: s-static.ak.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: */*
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxps://www.facebook.com/login.php?api_key=291549705119&cancel_url=http%3A%2F%2Ffb-0.cityville.zynga.com%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK&display=page&fbconnect=1&next=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK&return_session=1&session_version=3&v=1.0&req_perms=email%2Cpublish_stream
Cookie: datr=WxuSTQIX5aMoiqg1qfmWBxd2; lsd=8Hucm; reg_ext_ref=http%3A%2F%2Ffb-0.cityville.zynga.com%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; reg_fb_gate=https%3A%2F%2Fwww.facebook.com%2Flogin.php%3Fapi_key%3D291549705119%26cancel_url%3Dhttp%253A%252F%252Ffb-0.cityville.zynga.com%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26display%3Dpage%26fbconnect%3D1%26next%3Dhttp%253A%252F%252Fapps.facebook.com%252Fcityville%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26return_session%3D1%26session_version%3D3%26v%3D1.0%26req_perms%3Demail%252Cpublish_stream; reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Flogin.php%3Fapi_key%3D291549705119%26cancel_url%3Dhttp%253A%252F%252Ffb-0.cityville.zynga.com%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26display%3Dpage%26fbconnect%3D1%26next%3Dhttp%253A%252F%252Fapps.facebook.com%252Fcityville%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26return_session%3D1%26session_version%3D3%26v%3D1.0%26req_perms%3Demail%252Cpublish_stream; x-referer=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%23%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; wd=1366x568
HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 22 Mar 2010 11:53:45 -0700
Content-Encoding: gzip
X-FB-Server: 10.30.146.197
X-Cnection: close
Content-Length: 11563
Vary: Accept-Encoding
Cache-Control: public, max-age=30935125
Expires: Wed, 21 Mar 2012 18:53:38 GMT
Date: Tue, 29 Mar 2011 17:48:13 GMT
Connection: keep-alive
----------------------------------------------------------
hxxps://s-static.ak.facebook.com/rsrc.php/v1/zD/r/B4K_BWwP7P5.png
GET /rsrc.php/v1/zD/r/B4K_BWwP7P5.png HTTP/1.1
Host: s-static.ak.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxps://s-static.ak.facebook.com/rsrc.php/v1/yZ/r/IzF9R71FmGH.css
Cookie: datr=WxuSTQIX5aMoiqg1qfmWBxd2; lsd=8Hucm; reg_ext_ref=http%3A%2F%2Ffb-0.cityville.zynga.com%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; reg_fb_gate=https%3A%2F%2Fwww.facebook.com%2Flogin.php%3Fapi_key%3D291549705119%26cancel_url%3Dhttp%253A%252F%252Ffb-0.cityville.zynga.com%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26display%3Dpage%26fbconnect%3D1%26next%3Dhttp%253A%252F%252Fapps.facebook.com%252Fcityville%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26return_session%3D1%26session_version%3D3%26v%3D1.0%26req_perms%3Demail%252Cpublish_stream; reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Flogin.php%3Fapi_key%3D291549705119%26cancel_url%3Dhttp%253A%252F%252Ffb-0.cityville.zynga.com%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26display%3Dpage%26fbconnect%3D1%26next%3Dhttp%253A%252F%252Fapps.facebook.com%252Fcityville%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26return_session%3D1%26session_version%3D3%26v%3D1.0%26req_perms%3Demail%252Cpublish_stream; x-referer=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%23%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; wd=1366x568
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Sun, 14 Mar 2010 12:47:57 -0700
Content-Encoding: gzip
X-Powered-By: HPHP
X-FB-Server: 10.30.145.197
X-Cnection: close
Content-Length: 853
Vary: Accept-Encoding
Cache-Control: public, max-age=30247211
Expires: Tue, 13 Mar 2012 19:48:24 GMT
Date: Tue, 29 Mar 2011 17:48:13 GMT
Connection: keep-alive
----------------------------------------------------------
hxxps://s-static.ak.facebook.com/rsrc.php/yi/r/q9U99v3_saj.ico
GET /rsrc.php/yi/r/q9U99v3_saj.ico HTTP/1.1
Host: s-static.ak.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: datr=WxuSTQIX5aMoiqg1qfmWBxd2; lsd=8Hucm; reg_ext_ref=http%3A%2F%2Ffb-0.cityville.zynga.com%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; reg_fb_gate=https%3A%2F%2Fwww.facebook.com%2Flogin.php%3Fapi_key%3D291549705119%26cancel_url%3Dhttp%253A%252F%252Ffb-0.cityville.zynga.com%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26display%3Dpage%26fbconnect%3D1%26next%3Dhttp%253A%252F%252Fapps.facebook.com%252Fcityville%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26return_session%3D1%26session_version%3D3%26v%3D1.0%26req_perms%3Demail%252Cpublish_stream; reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Flogin.php%3Fapi_key%3D291549705119%26cancel_url%3Dhttp%253A%252F%252Ffb-0.cityville.zynga.com%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26display%3Dpage%26fbconnect%3D1%26next%3Dhttp%253A%252F%252Fapps.facebook.com%252Fcityville%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26return_session%3D1%26session_version%3D3%26v%3D1.0%26req_perms%3Demail%252Cpublish_stream; x-referer=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%23%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; wd=1366x568
HTTP/1.1 200 OK
Content-Length: 152
Content-Type: image/x-icon
Last-Modified: Sat, 01 Jan 2000 00:00:00 GMT
X-Cnection: close
Cache-Control: public, max-age=26583425
Expires: Tue, 31 Jan 2012 10:05:18 GMT
Date: Tue, 29 Mar 2011 17:48:13 GMT
Connection: keep-alive
----------------------------------------------------------
hxxps://s-static.ak.facebook.com/rsrc.php/v1/yU/r/wODZsjJ9zAW.js
GET /rsrc.php/v1/yU/r/wODZsjJ9zAW.js HTTP/1.1
Host: s-static.ak.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: */*
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxps://www.facebook.com/login.php?api_key=291549705119&cancel_url=http%3A%2F%2Ffb-0.cityville.zynga.com%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK&display=page&fbconnect=1&next=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK&return_session=1&session_version=3&v=1.0&req_perms=email%2Cpublish_stream
Cookie: datr=WxuSTQIX5aMoiqg1qfmWBxd2; lsd=8Hucm; reg_ext_ref=http%3A%2F%2Ffb-0.cityville.zynga.com%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; reg_fb_gate=https%3A%2F%2Fwww.facebook.com%2Flogin.php%3Fapi_key%3D291549705119%26cancel_url%3Dhttp%253A%252F%252Ffb-0.cityville.zynga.com%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26display%3Dpage%26fbconnect%3D1%26next%3Dhttp%253A%252F%252Fapps.facebook.com%252Fcityville%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26return_session%3D1%26session_version%3D3%26v%3D1.0%26req_perms%3Demail%252Cpublish_stream; reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Flogin.php%3Fapi_key%3D291549705119%26cancel_url%3Dhttp%253A%252F%252Ffb-0.cityville.zynga.com%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26display%3Dpage%26fbconnect%3D1%26next%3Dhttp%253A%252F%252Fapps.facebook.com%252Fcityville%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26return_session%3D1%26session_version%3D3%26v%3D1.0%26req_perms%3Demail%252Cpublish_stream; x-referer=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%23%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; wd=1366x568
HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Sun, 14 Mar 2010 13:33:06 -0700
Content-Encoding: gzip
X-Powered-By: HPHP
X-FB-Server: 10.138.16.181
X-Cnection: close
Content-Length: 5046
Vary: Accept-Encoding
Cache-Control: public, max-age=30249964
Expires: Tue, 13 Mar 2012 20:34:17 GMT
Date: Tue, 29 Mar 2011 17:48:13 GMT
Connection: keep-alive
----------------------------------------------------------
hxxps://s-static.ak.facebook.com/rsrc.php/v1/yh/r/ffAr8hIZoP5.js
GET /rsrc.php/v1/yh/r/ffAr8hIZoP5.js HTTP/1.1
Host: s-static.ak.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: */*
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: hxxps://www.facebook.com/login.php?api_key=291549705119&cancel_url=http%3A%2F%2Ffb-0.cityville.zynga.com%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK&display=page&fbconnect=1&next=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK&return_session=1&session_version=3&v=1.0&req_perms=email%2Cpublish_stream
Cookie: datr=WxuSTQIX5aMoiqg1qfmWBxd2; lsd=8Hucm; reg_ext_ref=http%3A%2F%2Ffb-0.cityville.zynga.com%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; reg_fb_gate=https%3A%2F%2Fwww.facebook.com%2Flogin.php%3Fapi_key%3D291549705119%26cancel_url%3Dhttp%253A%252F%252Ffb-0.cityville.zynga.com%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26display%3Dpage%26fbconnect%3D1%26next%3Dhttp%253A%252F%252Fapps.facebook.com%252Fcityville%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26return_session%3D1%26session_version%3D3%26v%3D1.0%26req_perms%3Demail%252Cpublish_stream; reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Flogin.php%3Fapi_key%3D291549705119%26cancel_url%3Dhttp%253A%252F%252Ffb-0.cityville.zynga.com%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26display%3Dpage%26fbconnect%3D1%26next%3Dhttp%253A%252F%252Fapps.facebook.com%252Fcityville%252Ftracks.php%253Fsrc%253Dads%2526aff%253D31%2526crt%253DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%26return_session%3D1%26session_version%3D3%26v%3D1.0%26req_perms%3Demail%252Cpublish_stream; x-referer=http%3A%2F%2Fapps.facebook.com%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK%23%2Fcityville%2Ftracks.php%3Fsrc%3Dads%26aff%3D31%26crt%3DCV_Acq_IntlTier1_Eng-Speaking_20101112_UK; wd=1366x568
HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Sun, 21 Mar 2010 22:32:14 -0700
Content-Encoding: gzip
X-FB-Server: 10.138.64.184
X-Cnection: close
Content-Length: 36453
Vary: Accept-Encoding
Cache-Control: public, max-age=30887043
Expires: Wed, 21 Mar 2012 05:32:16 GMT
Date: Tue, 29 Mar 2011 17:48:13 GMT
Connection: keep-alive
----------------------------------------------------------










