Behavior
Spyware.ParentTools is a spyware program that silently records chat conversations.
Symptoms
Your Symantec program detects Spyware.ParentTools.
Transmission
Spyware.ParentTools must be manually installed.
Technical details
File names:
%UserProfile%\Desktop\PT-Setup.exe
%System%\ptrun32\ptr32w.exe
%System%\ptrun32\ptrun32.exe
%System%\ptrun32\PTUpgrade.exe
%System%\ptrun32\wspoolsv.exe
When Spyware.ParentTools is installed, it performs the following actions:
1. Creates the following files:
* %UserProfile%\Desktop\Parent Tools.lnk
* %UserProfile%\Start Menu\Programs\Parent Tools for AIM.lnk
* %UserProfile%\Desktop\PT-Setup.exe
* %System%\duzactx.dll
* %System%\DWSBC36.OCX
* %System%\DWSHK36.OCX
* %System%\Dwspy36.dll
* %System%\dzactx.dll
* %System%\IGSplitter40.ocx
* %System%\IGTabs40.ocx
* %System%\IGThreed40.ocx
* %System%\ptrun32\acl.bat
* %System%\ptrun32\PTHelp.cnt
* %System%\ptrun32\PTHELP.HLP
* %System%\ptrun32\ptr32w.exe
* %System%\ptrun32\ptrun32.exe
* %System%\ptrun32\PTUpgrade.exe
* %System%\ptrun32\rtc.dat
* %System%\ptrun32\unins000.dat
* %System%\ptrun32\unins000.exe
* %System%\ptrun32\wspoolsv.exe
* %System%\RICHTX32.OCX
* %System%\XceedZip.dll
Notes:
* %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
* %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[CURRENT USER] (Windows NT/2000/XP).
2. Adds the following registry subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Parent Tools for AIM_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RFC1156Agent
HKEY_LOCAL_MACHINE\SOFTWARE\Ignite Software\Parent Tools AIM
3. Adds the value:
"ptrun32" = "%System%\ptrun32\ptrun32.exe -startup"
to the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
so that the risk runs every time Windows starts.
4. Adds the value:
"PTRUN32" = "%System%\ptrun32\ptr32w.exe"
to the registry subkey:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
so that the risk runs every time Windows starts.
5. Adds the values:
"{R7C0DB872A3F777C0}" = "[random values]"
"{K7C0DB872A3F777C0}" = "[random values]"
"{I30D2285BC916DC83}" = "[random values]"
"{030D2285BC916DC83}" = "[random values]"
to the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Licenses
6. Modifies the value:
"(Default)" = "{420B2830-E718-11CF-893D-00A0C9054228}"
in the registry subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0AB5A3D0-E5B6-11D0-ABF5-00A0C90FFFC0}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2A0B9D10-4B87-11D3-A97A-00104B365C9F}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{53BAD8C1-E718-11CF-893D-00A0C9054228}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C7C3F5A0-88A3-11D0-ABCB-00A0C90FFFC0}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C7C3F5A1-88A3-11D0-ABCB-00A0C90FFFC0}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C7C3F5A2-88A3-11D0-ABCB-00A0C90FFFC0}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C7C3F5A3-88A3-11D0-ABCB-00A0C90FFFC0}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C7C3F5A4-88A3-11D0-ABCB-00A0C90FFFC0}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C7C3F5A5-88A3-11D0-ABCB-00A0C90FFFC0}\TypeLib
7. Modifies the value:
"(Default)" = "{86CF1D34-0C5F-11D2-A9FC-0000F8754DA1}"
in the registry subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\TypeLib
8. Silently records chat conversations.
Removal instructions
See: http://securityresponse.symantec.com/avcenter/venc/data/spyware.parenttools.html
To delete the value from the registry:
1. Click Start > Run.
2. Type regedit
Then click OK.
3. Navigate to the subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
4. In the right pane, delete the value:
"ptrun32" = "%System%\ptrun32\ptrun32.exe -startup"
5. Navigate to the subkey:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
6. In the right pane, delete the value:
"PTRUN32" = "%System%\ptrun32\ptr32w.exe"
7. Navigate to and delete the keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Parent Tools for AIM_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Ignite Software\Parent Tools AIM
8. Exit the Registry Editor.
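
The registry steps above, combined with the Run values and executable names from the technical details, as a PowerShell check. This is an added example, not part of the original write-up; the function name Find-ParentToolsArtifact is an assumption, and with -Remove it deletes only the two Run values and two keys the removal steps name.

```powershell
function Find-ParentToolsArtifact {
    [CmdletBinding(SupportsShouldProcess)]
    param([switch]$Remove)   # without -Remove the function only reports

    $dir = Join-Path ([Environment]::SystemDirectory) 'ptrun32'   # %System%\ptrun32

    # Run values from steps 3 and 4 of the technical details.
    $runValues = @(
        @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Name = 'ptrun32'; Exe = 'ptrun32.exe' }
        @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'PTRUN32'; Exe = 'ptr32w.exe' }
    )
    foreach ($rv in $runValues) {
        $item = Get-ItemProperty -Path $rv.Key -Name $rv.Name -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        $data = [string]$item.($rv.Name)
        # Treat the value as this program's only if it points into the ptrun32 folder;
        # an unrelated value that shares the name is reported but never deleted.
        $isOurs = $data -like "*\ptrun32\$($rv.Exe)*"
        [pscustomobject]@{ Type = 'RunValue'; Location = "$($rv.Key)\$($rv.Name)"; Data = $data; Matches = $isOurs }
        if ($Remove -and $isOurs -and $PSCmdlet.ShouldProcess("$($rv.Key)\$($rv.Name)", 'Delete Run value')) {
            Remove-ItemProperty -Path $rv.Key -Name $rv.Name
        }
    }

    # Keys from step 7 of the removal instructions.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Parent Tools for AIM_is1',
            'HKLM:\SOFTWARE\Ignite Software\Parent Tools AIM'
    foreach ($key in $keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        [pscustomobject]@{ Type = 'Key'; Location = $key; Data = $null; Matches = $true }
        if ($Remove -and $PSCmdlet.ShouldProcess($key, 'Delete registry key')) {
            Remove-Item -LiteralPath $key -Recurse
        }
    }

    # Executables from the "File names" list: reported for follow-up, never deleted here.
    foreach ($name in 'ptr32w.exe', 'ptrun32.exe', 'PTUpgrade.exe', 'wspoolsv.exe') {
        $path = Join-Path $dir $name
        if (Test-Path -LiteralPath $path) {
            [pscustomobject]@{ Type = 'File'; Location = $path; Data = $null; Matches = $true }
        }
    }
}

# Report only; add -Remove (optionally with -WhatIf) from an elevated prompt to delete.
Find-ParentToolsArtifact | Format-Table -AutoSize
```

On 64-bit Windows, run it from 32-bit PowerShell as well, because a 32-bit installer's writes to HKEY_LOCAL_MACHINE\SOFTWARE and %System% are redirected to the 32-bit views.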