Manual Removal Guide for TargetMarketingAgency



Friday
2008-11-30, 00:02
The following instructions have been created to help you to get rid of "TargetMarketingAgency" manually.
Use this guide at your own risk; removal software is usually better suited to removing malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site (http://www.safer-networking.org/index.php?page=donate).

Threat Details:

Categories:
spyware

Description:
TargetMarketingAgency collects information about you to extend its database so that it can generate a special user profile. In future, the user will receive annoying pop-ups while surfing the internet.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

The file at "<$LOCALAPPDATA>\Target Marketing Agency\TMAgent\TMAgent.bin".
The file at "<$COMMONPROGRAMFILES>\Target Marketing Agency\TMAgent\license.txt".
The file at "<$COMMONPROGRAMFILES>\Target Marketing Agency\TMAgent\tmagent.dll".
The file at "<$COMMONPROGRAMFILES>\Target Marketing Agency\TMAgent\tmasrv.exe".
The file at "<$COMMONPROGRAMFILES>\Target Marketing Agency\TMAgent\Uninstaller.exe".
Make sure you set your file manager to display hidden and system files. If TargetMarketingAgency uses rootkit technologies, use our RootAlyzer (http://forums.spybot.info/downloads.php?id=8) or our Total Commander anti-rootkit plugins (http://forums.spybot.info/downloads.php?id=3).
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D (http://www.safer-networking.org/index.php?page=spybotsd) to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

The directory at "<$LOCALAPPDATA>\Target Marketing Agency".
The directory at "<$LOCALAPPDATA>\Target Marketing Agency\TMAgent".
The directory at "<$COMMONPROGRAMFILES>\Target Marketing Agency".
The directory at "<$COMMONPROGRAMFILES>\Target Marketing Agency\TMAgent".
Make sure you set your file manager to display hidden and system files. If TargetMarketingAgency uses rootkit technologies, use our RootAlyzer (http://forums.spybot.info/downloads.php?id=8) or our Total Commander anti-rootkit plugins (http://forums.spybot.info/downloads.php?id=3).
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

Delete the registry key "{35A6E2B1-27A9-47D2-913C-559E1EF1D034}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "Target Marketing Agency" at "HKEY_LOCAL_MACHINE\SOFTWARE\".
Delete the registry key "{10A2AFE5-A6C3-46A9-A3E9-DFBE934AFCBB}" at "HKEY_CLASSES_ROOT\AppID\".
Delete the registry key "tmasrv.exe" at "HKEY_CLASSES_ROOT\AppID\".
Delete the registry key "{17249F79-BBD0-470A-9BC5-8CFD2D5046D0}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{2A3F6F50-9A92-4553-9016-729D1E1A00AB}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{351371A7-C5CF-472B-8EA3-B1C6414E25ED}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{35A6E2B1-27A9-47D2-913C-559E1EF1D034}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{54E20E87-E6A4-4B47-A996-653752829354}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{550DA458-33B1-4150-AFB7-59E9728386E3}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{55264FA9-008D-4318-8F50-B79578520FC4}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{55A577B1-AD9F-4530-AD1E-463B2C4CD162}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{5E1B5A0F-CF08-4195-AB70-209572915923}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{7023DE86-FAF5-4E26-94AC-C32C740270B0}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{84185EA0-0B56-407f-BBC9-3D1F12FE6EAB}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{9CDFE9F3-4D2B-4771-B6C2-C7569226939B}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{BCFB7668-312A-4149-83AC-4E7FE71CA44C}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{C06CE8FC-50D9-414A-A318-C90E2FCDBEB6}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{C5DB6F05-089B-4FC4-A869-2C1975BD8BAF}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{CC29517F-D259-4AB6-912A-99678740FD00}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{03C39A03-BDB6-4539-9A35-B8513576A8B4}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{0A3C7FD8-4A49-4E13-8F2B-D406C2B28667}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{1B55F2E0-7C78-4CFD-AC87-E3728D2B14F9}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{1F0FA04A-0F04-4816-9BE4-879394959F58}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{2023B80E-F876-4A78-BD4C-E6A2C7409380}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{3885F585-7AE7-4F51-909C-6D4C15D2D7F9}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{3B80C849-1AEB-4553-9B37-A836ACA92261}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{4521F436-558C-4F50-A2C1-055E73303931}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{55AB60A6-9115-4D30-8D61-284C2F2C9A26}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{5E62FACD-C790-4469-BD18-9E7BC55E6BAC}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{81FEA687-C096-461C-92AA-46A36D2C62DE}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{82FE73C6-54B5-429D-91F0-0E596F7D2D31}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{86112591-8606-4331-8072-0F314F2155BC}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{9C290EF4-303E-4837-B30A-ED4CB0DC5219}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{AE54F9EB-3744-4C97-B38B-FE5F866479FC}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{B2C71B91-7CA7-4FD2-9138-8041178AAB11}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{BBF66AE7-E6BB-4B8E-ACCB-12862B6A5D0B}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{C9848473-0FE9-41F8-9380-9FD424D65C92}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{CAD3AF0E-C1A4-4671-881F-9B1F6B7F0011}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{E0CD2020-CFAF-4F6A-B461-FCBB21094B5E}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{E4A2C5D9-F682-461D-BD38-B4A65E835604}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{E5CC1B55-7BDB-4BE6-B3F2-6DE6EA73EB33}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{EB953B20-9F91-4A11-B325-EE5D7079F68D}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{ED7CD4DA-0199-4F59-800F-36A844654435}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{F57C31C9-2B3B-4649-A975-BBC0D975E0F1}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{F81A895F-3184-416A-8FA0-D26818D1AD0F}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{7F6EDB84-901B-4309-A2F6-0058F38C4CC4}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{A1C7A1E6-6A3C-4D6F-A376-81C4BEA13A62}" at "HKEY_CLASSES_ROOT\TypeLib\".
A key in HKEY_CLASSES_ROOT\ named "Steadway.IEAdapter", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "Steadway.IEAdapter.1", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "Steadway.Steadway", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "Steadway.Steadway.1", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "Steadway.StwBand", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "Steadway.StwBand.1", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "Steadway.StwDialogs", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "Steadway.StwDialogs.1", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "Stwsrv.SteadwayReport", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "Stwsrv.SteadwayReport.1", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "TMAgent.Context", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "TMAgent.Context.1", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "TMAgent.FilterDebugger", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "TMAgent.FilterDebugger.1", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "TMAgent.Match", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "TMAgent.Match.1", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "TMAgent.Regexp", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "TMAgent.Regexp.1", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "TMAgent.SteadwayCookie", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "TMAgent.SteadwayCookie.1", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "TMAgent.SteadwayError", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "TMAgent.SteadwayError.1", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "TMAgent.SteadwayFilterRate", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "TMAgent.SteadwayFilterRate.1", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "TMAgent.SteadwayRequest", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "TMAgent.SteadwayRequest.1", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "TMAgent.SteadwayServer", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "TMAgent.SteadwayServer.1", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "TMAgent.SteadwaySiteRate", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "TMAgent.SteadwaySiteRate.1", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "TMAgent.UrlScriptlet", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "TMAgent.UrlScriptlet.1", plus associated values.
If TargetMarketingAgency uses rootkit technologies, use our RegAlyzer (http://www.safer-networking.org/index.php?page=regalyzer), RootAlyzer (http://forums.spybot.info/downloads.php?id=8) or our Total Commander anti-rootkit plugins (http://forums.spybot.info/downloads.php?id=3).

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help, please read these instructions (http://forums.spybot.info/showthread.php?t=288) before requesting assistance, then start your own thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22), where a volunteer analyst will advise you as soon as available.
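
A read-only check for the artifacts listed above, as an added example that is not part of the original post or of any Spybot tool: it reports which of the named files, folders and registry keys exist and deletes nothing. It assumes the `<$LOCALAPPDATA>` and `<$COMMONPROGRAMFILES>` placeholders map to the environment variables of the same names; the `(x86)` and `Wow6432Node` locations are additions for 64-bit Windows that the guide does not mention, and only the named keys plus the Browser Helper Object CLSID are checked, not the full GUID lists.

```powershell
# Added example: read-only audit, nothing is deleted or modified.
# Assumption: the guide's <$LOCALAPPDATA> / <$COMMONPROGRAMFILES> placeholders
# correspond to the Windows environment variables of the same names.
$vendor = 'Target Marketing Agency'

$paths = @()
if ($env:LOCALAPPDATA) {
    $local  = Join-Path $env:LOCALAPPDATA $vendor
    $paths += $local, "$local\TMAgent", "$local\TMAgent\TMAgent.bin"
}
# The (x86) root is not in the guide; it covers 32-bit installs on 64-bit Windows.
$commonRoots = @($env:CommonProgramFiles, ${env:CommonProgramFiles(x86)}) |
    Where-Object { $_ } | Select-Object -Unique
foreach ($root in $commonRoots) {
    $dir    = Join-Path $root $vendor
    $paths += $dir, "$dir\TMAgent"
    $paths += 'license.txt', 'tmagent.dll', 'tmasrv.exe', 'Uninstaller.exe' |
        ForEach-Object { "$dir\TMAgent\$_" }
}

# Named keys from the guide, plus the CLSID it lists as a Browser Helper Object.
$bhoId = '{35A6E2B1-27A9-47D2-913C-559E1EF1D034}'
$bho   = "Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$bhoId"
$regKeys = @(
    "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\$bho"
    "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\$vendor"
    "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\$bho"     # 32-bit view, not in the guide
    "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\$vendor"  # 32-bit view, not in the guide
    'Registry::HKEY_CLASSES_ROOT\AppID\tmasrv.exe'
    "Registry::HKEY_CLASSES_ROOT\CLSID\$bhoId"
)

# ProgID keys: match the three prefixes used in the guide's list. A prefix hit
# is only a candidate; compare each name against the guide before acting on it.
$progIds = @(Get-ChildItem -LiteralPath 'Registry::HKEY_CLASSES_ROOT' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^(Steadway|Stwsrv|TMAgent)\.' } |
    ForEach-Object { "Registry::$($_.Name)" })

$report = foreach ($item in @($paths) + $regKeys + $progIds) {
    [pscustomobject]@{
        Artifact = $item
        Present  = Test-Path -LiteralPath $item
    }
}
$report | Sort-Object Present -Descending | Format-Table -AutoSize -Wrap
```

Run it once before removal to record what is present and again afterwards to confirm that every entry reports `False`.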