ADW_WENHU


 ALIASES:

WebToolbar.Win32.WhenU.a(Kaspersky),Win32/Adware.WhenU.SaveNow application(NOD32)

 PLATFORM:

Windows

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:
 INFORMATION EXPOSURE:

  • Threat Type: Adware

  • Destructiveness: No

  • Encrypted: Yes

  • In the wild: Yes

  OVERVIEW

Infection Channel:

Downloaded from the Internet

This adware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It does not have any propagation routine.

It does not have any backdoor routine.

  TECHNICAL DETAILS

File Size:

4,797,659 bytes

File Type:

EXE

Memory Resident:

Yes

Initial Samples Received Date:

14 Nov 2014

Payload:

Installs programs

Arrival Details

This adware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Installation

This adware drops the following files:

  • {variable dependent on installation}\Application Data\{94AFD136-E1DF-4A8B-A641-D4BE2A5A8E35}\instance.dat
  • {variable dependent on installation}\Application Data\{94AFD136-E1DF-4A8B-A641-D4BE2A5A8E35}\mia.dll
  • {variable dependent on installation}\Application Data\{94AFD136-E1DF-4A8B-A641-D4BE2A5A8E35}\ShrinkTo5Setup.dat
  • {variable dependent on installation}\Application Data\{94AFD136-E1DF-4A8B-A641-D4BE2A5A8E35}\ShrinkTo5Setup.exe
  • {variable dependent on installation}\Application Data\{94AFD136-E1DF-4A8B-A641-D4BE2A5A8E35}\ShrinkTo5Setup.msi
  • {variable dependent on installation}\Application Data\{94AFD136-E1DF-4A8B-A641-D4BE2A5A8E35}\ShrinkTo5Setup.par
  • {variable dependent on installation}\Application Data\{94AFD136-E1DF-4A8B-A641-D4BE2A5A8E35}\ShrinkTo5Setup.res
  • {variable dependent on installation}\Desktop\ShrinkTo5Gui.lnk
  • {variable dependent on installation}\Start Menu\Programs\{Chosen program name installation}\ShrinkTo5 - FAQ (Read this before you ask!).lnk
  • {variable dependent on installation}\Start Menu\Programs\{Chosen program name installation}\ShrinkTo5 - Forum.lnk
  • {variable dependent on installation}\Start Menu\Programs\{Chosen program name installation}\ShrinkTo5 - Homepage.lnk
  • {variable dependent on installation}\Start Menu\Programs\{Chosen program name installation}\ShrinkTo5Gui.lnk
  • {variable dependent on installation}\Start Menu\Programs\{Chosen program name installation}\Uninstall ShrinkTo5.lnk
  • %Application Data%\Seven Zip\Codecs\7zAes.dll
  • %Application Data%\Seven Zip\Codecs\Aes.dll
  • %Application Data%\Seven Zip\Codecs\Branch.dll
  • %Application Data%\Seven Zip\Codecs\Copy.dll
  • %Application Data%\Seven Zip\Codecs\LZMA.dll
  • %Application Data%\Seven Zip\Codecs\Swap.dll
  • %Application Data%\Seven Zip\Formats\7z.dll
  • %Program Files%\FoxBurnerPlugin\FoxBurnerU.dll
  • %Program Files%\FoxBurnerPlugin\FoxPlug.exe
  • %Program Files%\FoxBurnerPlugin\language.ini
  • %Program Files%\FoxBurnerPlugin\SkinCrafter.dll
  • {Path indicated during installation}\DVDPl.dll
  • {Path indicated during installation}\Final.wav
  • {Path indicated during installation}\language.ini
  • {Path indicated during installation}\ShrinkTo5.dll
  • {Path indicated during installation}\ShrinkTo5.skf
  • {Path indicated during installation}\ShrinkTo5Gui.exe
  • %Program Files%\VVSN\vvsn.cfg
  • %Program Files%\VVSN\VVSN.exe - detected as ADW_WENHU
  • %Program Files%\VVSN\URL1\vsn.cfg
  • %Windows%\Installer\{random file name}.msi
  • %Windows%\system32\BMenuPlg.dll
  • %User Temp%\mia1\componentstree.dfm - will be deleted after installation
  • %User Temp%\mia1\componentstree.dfm.miaf - will be deleted after installation
  • %User Temp%\mia1\destination.dfm - will be deleted after installation
  • %User Temp%\mia1\destination.dfm.miaf - will be deleted after installation
  • %User Temp%\mia1\finish.dfm - will be deleted after installation
  • %User Temp%\mia1\finish.dfm.miaf - will be deleted after installation
  • %User Temp%\mia1\license.rtf - will be deleted after installation
  • %User Temp%\mia1\licensecheck.dfm - will be deleted after installation
  • %User Temp%\mia1\licensecheck.dfm.miaf - will be deleted after installation
  • %User Temp%\mia1\maintenance.dfm - will be deleted after installation
  • %User Temp%\mia1\maintenance.dfm.miaf - will be deleted after installation
  • %User Temp%\mia1\mMSIExec.dll - will be deleted after installation
  • %User Temp%\mia1\mWinRunExec.dll - will be deleted after installation
  • %User Temp%\mia1\{other component files} - will be deleted after installation
  • %User Temp%\mia{value}.tmp\data\Microsoft Windows Installer 2.0\mWinRun.dll\mWinRunExec.dll
  • %User Temp%\mia{value}.tmp\data\Microsoft Windows Installer 2.0\mWinRun.dll\unicode\cabinet.dll
  • %User Temp%\mia{value}.tmp\data\Microsoft Windows Installer 2.0\mWinRun.dll\unicode\imagehlp.dll
  • %User Temp%\mia{value}.tmp\data\Microsoft Windows Installer 2.0\mWinRun.dll\unicode\instmsi.msi
  • %User Temp%\mia{value}.tmp\data\Microsoft Windows Installer 2.0\mWinRun.dll\unicode\msi.cat
  • %User Temp%\mia{value}.tmp\data\Microsoft Windows Installer 2.0\mWinRun.dll\unicode\msi.dll
  • %User Temp%\mia{value}.tmp\data\Microsoft Windows Installer 2.0\mWinRun.dll\unicode\msi.inf
  • %User Temp%\mia{value}.tmp\data\Microsoft Windows Installer 2.0\mWinRun.dll\unicode\msiexec.exe
  • %User Temp%\mia{value}.tmp\data\Microsoft Windows Installer 2.0\mWinRun.dll\unicode\{Other component files}
  • %User Temp%\mia{value}.tmp\data\mMSI.dll\mMSIExec.dll
  • %User Temp%\mia{value}.tmp\data\mWinRun.dll\mWinRunExec.dll
  • %User Temp%\mia{value}.tmp\data\OFFLINE\{Other folders created}\{File content}
  • %User Temp%\mia{value}.tmp\data\ShrinkTo5Setup.msi
  • %User Temp%\mia{value}.tmp\data\{BD6FFB19-9DFB-4F49-9A1D-90E374DC0DBD}
  • %User Temp%\mia{value}.tmp\mia.dll
  • %User Temp%\mia{value}.tmp\ShrinkTo5Setup.exe
  • %User Temp%\mia{value}.tmp\ShrinkTo5Setup.msi
  • %User Temp%\mia{value}.tmp\ShrinkTo5Setup.res

(Note: %Application Data% is the Application Data folder, where it usually is C:\Documents and Settings\{user name}\Application Data on Windows 2000, Windows Server 2003, and Windows XP (32- and 64-bit); C:\Users\{user name}\AppData\Roaming on Windows Vista (32- and 64-bit), Windows 7 (32- and 64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows Server 2008, and Windows Server 2012.. %Program Files% is the Program Files folder, where it usually is C:\Program Files on all Windows operating system versions; C:\Program Files (x86) for 32-bit applications running on Windows 64-bit operating systems.. %Windows% is the Windows folder, where it usually is C:\Windows on all Windows operating system versions.. %User Temp% is the user's temporary folder, where it usually is C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000, Windows Server 2003, and Windows XP (32- and 64-bit); C:\Users\{user name}\AppData\Local\Temp on Windows Vista (32- and 64-bit), Windows 7 (32- and 64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows Server 2008, and Windows Server 2012.)

It creates the following folders:

  • {variable dependent on installation}\Start Menu\Programs\{Chosen program name installation}
  • {variable dependent on installation}\Application Data\{94AFD136-E1DF-4A8B-A641-D4BE2A5A8E35}
  • %User Temp%\mia{value}.tmp
  • %User Temp%\mia{value}.tmp\data
  • %User Temp%\mia{value}.tmp\data\Microsoft Windows Installer 2.0
  • %User Temp%\mia{value}.tmp\data\Microsoft Windows Installer 2.0\mWinRun.dll
  • %User Temp%\mia{value}.tmp\data\Microsoft Windows Installer 2.0\mWinRun.dll\ansi
  • %User Temp%\mia{value}.tmp\data\Microsoft Windows Installer 2.0\mWinRun.dll\unicode
  • %User Temp%\mia{value}.tmp\data\mMSI.dll
  • %User Temp%\mia{value}.tmp\data\mWinRun.dll
  • %User Temp%\mia{value}.tmp\data\OFFLINE
  • %User Temp%\mia{value}.tmp\data\OFFLINE\{Other folders created}
  • %Application Data%\Seven Zip
  • %Application Data%\Seven Zip\Codecs
  • %Application Data%\Seven Zip\Formats
  • %User Temp%\mia1
  • %Program Files%\VVSN
  • %Program Files%\VVSN\URL1
  • {Path indicated during installation}\ShrinkTo5
  • %Program Files%\FoxBurnerPlugin
  • %System Root%\ShrinkTo5_Movies

(Note: %User Temp% is the user's temporary folder, where it usually is C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000, Windows Server 2003, and Windows XP (32- and 64-bit); C:\Users\{user name}\AppData\Local\Temp on Windows Vista (32- and 64-bit), Windows 7 (32- and 64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows Server 2008, and Windows Server 2012.. %Application Data% is the Application Data folder, where it usually is C:\Documents and Settings\{user name}\Application Data on Windows 2000, Windows Server 2003, and Windows XP (32- and 64-bit); C:\Users\{user name}\AppData\Roaming on Windows Vista (32- and 64-bit), Windows 7 (32- and 64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows Server 2008, and Windows Server 2012.. %Program Files% is the Program Files folder, where it usually is C:\Program Files on all Windows operating system versions; C:\Program Files (x86) for 32-bit applications running on Windows 64-bit operating systems.. %System Root% is the Windows root folder, where it usually is C:\ on all Windows operating system versions.)

It adds the following mutexes to ensure that only one of its copies runs at any one time:

  • WhenU_VVSN_1_0_SharedMutex <-- VVSN.exe process

Autostart Technique

This adware adds the following registry entries to enable its automatic execution at every system startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
VVSN = "%Program Files%\VVSN\VVSN.exe"

Other System Modifications

This adware adds the following registry keys:

HKEY_CURRENT_USER\SOFTWARE\MimarSinan\
InstallAware\Seven Zip

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
ShrinkTo5

HKEY_LOCAL_MACHINE\SOFTWARE\MimarSinan\
InstallAware\Ident.Cache\{BD6FFB19-9DFB-4F49-9A1D-90E374DC0DBD}

HKEY_CURRENT_USER\Software\FoxBurnerPlugin

HKEY_LOCAL_MACHINE\Software\FoxBurnerPlugin

HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows\CurrentVersion\Installer\
InProgress

HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows\CurrentVersion\Installer\
Rollback\Scripts

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
F1B496B301445D115AA4000972A8B18B

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
280FD061CF364EA4EADBD15B8EFC25DD

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
D379A2A859D08A049A6E444E8CD0A316

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
B78108D9E9266BC44801C17622DE6C39

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
B6FE163B24F4F2A48B50F710504E536A

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
FEB1994CE6084AB4D9C34B797778F51E

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
C925D6AF2CD9B7849BDD0E7C38DF54AD

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
4F193977C30794E42ABA989C9D9D07ED

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
3D607B6900529724884E35217A4F2D6D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
B027EF26403A4C0408EA3AC204C2EB0C

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
3AFF5C8DF1182B6439FC83227EECEE72

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
1EC388B54B6E4E047B978F669C1B2108

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
8036BA31FC45F3346800B55124574B50

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
1CC93E8474BA7FB4BA35913F637C3CB8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
E3FC78781348B4D4D9BA60724C588052

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
7921FC361FE2FCE43ACF6DFA4A6DD51A

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
A879FB4C508C3EA4E90F0EE5F9388BCF

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
7D61E4CC7EBFE0A47BD59EA72602773F

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
881FAE10E7EEE7B4285441801AA712BA

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
F4B2C5476031CB4448B5BA7400606586

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
353E3E8EC4BB7E640821B668B49F957E

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
C0540D40C1784984D991B8D9AE0E99FA

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
C2A4FFD49348ECC49BA1569B70840CA9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
5BC5D6367268E4F429DB6744C0FFF5BE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
D6F6AD0BF9FB57742913B2F635DF0A88

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
454243871D8745C4EB7EE7BE3ED3AE92

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
54A15747D9771A4419A14B69EDA8FFDA

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
3CF29DBC968C60D41B090C7CE413C2D5

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
1034C1CAA1E9D0E4BA9734843D79505D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
AF7510FA705ED0040ACF271FBE37E316

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
6A7EADFAA5339F84DA0D3B77A13747B7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
D66C10AD6C3EA55428E5687B70C88598

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
CBF1B10E8B5CD204292C9FAA088A746B

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
FF6BFCE474CFF4A469B3BBA390955F3E

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
BA7DBE4D9D9D35A4A894C78E5861F10D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
6F9D6CD79B9352742A37BB5BD1B9A595

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
047606991B7DEC947A9F91DEF3642DB1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
92E20068D31937B46BCC5D7B9E511B54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
F02008B1DFFF2F3449991AEE28F3C02F

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
BD46C6C4776B99B49B9CCE9EFC3B58EC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
6C67BC8359B9A9D469078F58D4710864

HKEY_LOCAL_MACHINE\Software\Classes\
DVD\Shell\Copy using ShrinkTo5

HKEY_LOCAL_MACHINE\Software\Classes\
DVD\Shell\Copy using ShrinkTo5\
Command

HKEY_LOCAL_MACHINE\Software\Classes\
ShrinkTo5

HKEY_LOCAL_MACHINE\Software\Classes\
ShrinkTo5\Shell

HKEY_LOCAL_MACHINE\Software\Classes\
ShrinkTo5\Shell\PlayDVDMovieOnArrival_ShrinkTo5

HKEY_LOCAL_MACHINE\Software\Classes\
ShrinkTo5\Shell\PlayDVDMovieOnArrival_ShrinkTo5\
Command

HKEY_CURRENT_USER\Software\ShrinkTo5

HKEY_CURRENT_USER\Software\ShrinkTo5\
Options

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
AutoplayHandlers\Handlers\ShrinkTo5PlayDVDMovieOnArrival

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\InstallProperties

HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows\CurrentVersion\Uninstall\
{BD6FFB19-9DFB-4F49-9A1D-90E374DC0DBD}

HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows\CurrentVersion\Installer\
UpgradeCodes\81DDE23005491FF42860E9C51B541A54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\Usage

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Features\91BFF6DBBFD994F4A9D1093E47CDD0DB

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\Features

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\Patches

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\91BFF6DBBFD994F4A9D1093E47CDD0DB

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\UpgradeCodes\81DDE23005491FF42860E9C51B541A54

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\91BFF6DBBFD994F4A9D1093E47CDD0DB\
SourceList

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\91BFF6DBBFD994F4A9D1093E47CDD0DB\
SourceList\Net

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\91BFF6DBBFD994F4A9D1093E47CDD0DB\
SourceList\Media

HKEY_CLASSES_ROOT\DVDPl.DVDPlayer.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
DVDPl.DVDPlayer.1\CLSID

HKEY_CLASSES_ROOT\DVDPl.DVDPlayer

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
DVDPl.DVDPlayer\CLSID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
DVDPl.DVDPlayer\CurVer

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{6BFF058E-54BB-4F36-8E8B-5AA7F8773DC3}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{6BFF058E-54BB-4F36-8E8B-5AA7F8773DC3}\ProgID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{6BFF058E-54BB-4F36-8E8B-5AA7F8773DC3}\VersionIndependentProgID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{6BFF058E-54BB-4F36-8E8B-5AA7F8773DC3}\Programmable

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{6BFF058E-54BB-4F36-8E8B-5AA7F8773DC3}\InprocServer32

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{6BFF058E-54BB-4F36-8E8B-5AA7F8773DC3}\Control

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{6BFF058E-54BB-4F36-8E8B-5AA7F8773DC3}\Insertable

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{6BFF058E-54BB-4F36-8E8B-5AA7F8773DC3}\ToolboxBitmap32

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{6BFF058E-54BB-4F36-8E8B-5AA7F8773DC3}\MiscStatus

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{6BFF058E-54BB-4F36-8E8B-5AA7F8773DC3}\MiscStatus\
1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{6BFF058E-54BB-4F36-8E8B-5AA7F8773DC3}\TypeLib

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{6BFF058E-54BB-4F36-8E8B-5AA7F8773DC3}\Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{08422B56-8367-4C45-BFC5-FFB981A8240A}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{08422B56-8367-4C45-BFC5-FFB981A8240A}\1.0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{08422B56-8367-4C45-BFC5-FFB981A8240A}\1.0\
FLAGS

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{08422B56-8367-4C45-BFC5-FFB981A8240A}\1.0\
0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{08422B56-8367-4C45-BFC5-FFB981A8240A}\1.0\
0\win32

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{08422B56-8367-4C45-BFC5-FFB981A8240A}\1.0\
HELPDIR

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{4EA52C03-2E34-4F10-9408-B423EC9EAC94}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{4EA52C03-2E34-4F10-9408-B423EC9EAC94}\ProxyStubClsid

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{4EA52C03-2E34-4F10-9408-B423EC9EAC94}\ProxyStubClsid32

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{4EA52C03-2E34-4F10-9408-B423EC9EAC94}\TypeLib

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{DE456C52-809D-427D-BD97-688B0528758C}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{DE456C52-809D-427D-BD97-688B0528758C}\ProxyStubClsid

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{DE456C52-809D-427D-BD97-688B0528758C}\ProxyStubClsid32

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{DE456C52-809D-427D-BD97-688B0528758C}\TypeLib

HKEY_CLASSES_ROOT\SkinCrafter.SCSkin.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SkinCrafter.SCSkin.1\CLSID

HKEY_CLASSES_ROOT\SkinCrafter.SCSkin

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SkinCrafter.SCSkin\CLSID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SkinCrafter.SCSkin\CurVer

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{125C3F0B-1073-4783-9A7B-D33E54269CA5}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{125C3F0B-1073-4783-9A7B-D33E54269CA5}\ProgID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{125C3F0B-1073-4783-9A7B-D33E54269CA5}\VersionIndependentProgID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{125C3F0B-1073-4783-9A7B-D33E54269CA5}\Programmable

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{125C3F0B-1073-4783-9A7B-D33E54269CA5}\InprocServer32

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{125C3F0B-1073-4783-9A7B-D33E54269CA5}\TypeLib

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{9DAE9D91-4599-4CCC-B237-F57F807388B5}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{9DAE9D91-4599-4CCC-B237-F57F807388B5}\1.7

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{9DAE9D91-4599-4CCC-B237-F57F807388B5}\1.7\
FLAGS

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{9DAE9D91-4599-4CCC-B237-F57F807388B5}\1.7\
0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{9DAE9D91-4599-4CCC-B237-F57F807388B5}\1.7\
0\win32

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{9DAE9D91-4599-4CCC-B237-F57F807388B5}\1.7\
HELPDIR

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{70CBB0D9-96B5-4A67-92FF-64D503F0F83E}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{70CBB0D9-96B5-4A67-92FF-64D503F0F83E}\ProxyStubClsid

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{70CBB0D9-96B5-4A67-92FF-64D503F0F83E}\ProxyStubClsid32

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{70CBB0D9-96B5-4A67-92FF-64D503F0F83E}\TypeLib

HKEY_CLASSES_ROOT\CLSID\{E66A25D8-CE51-4611-A6CE-D5E08EB33A5C}

HKEY_CLASSES_ROOT\CLSID\{E66A25D8-CE51-4611-A6CE-D5E08EB33A5C}\
InProcServer32

HKEY_CLASSES_ROOT\*\shellex\
ContextMenuHandlers\BMenuPlg

HKEY_CLASSES_ROOT\Folder\shellex\
ContextMenuHandlers\BMenuPlg

HKEY_CURRENT_USER\SOFTWARE\MimarSinan

HKEY_CURRENT_USER\SOFTWARE\MimarSinan\
InstallAware

It adds the following registry entries:

HKEY_CURRENT_USER\Software\MimarSinan\
InstallAware\Seven Zip
Path = "%User Profile%\Application Data\Seven Zip"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
ShrinkTo5
DisplayIcon = "%All Users' Application Data%\{94AFD136-E1DF-4A8B-A641-D4BE2A5A8E35}\ShrinkTo5Setup.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
ShrinkTo5
DisplayName = "ShrinkTo5"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
ShrinkTo5
UninstallString = "{random characters}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
ShrinkTo5
ModifyPath = "%All Users' Application Data%\{94AFD136-E1DF-4A8B-A641-D4BE2A5A8E35}\ShrinkTo5Setup.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
ShrinkTo5
Publisher = "ShrinkTo5"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
ShrinkTo5
Contact = "ShrinkTo5"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
ShrinkTo5
URLUpdateInfo = "http://www.{BLOCKED}to5.com"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
ShrinkTo5
Comments = "All rights reserved"

HKEY_CURRENT_USER\Software\FoxBurnerPlugin
DialogLabel = "FoxBurner Plugin"

HKEY_CURRENT_USER\Software\FoxBurnerPlugin
DoSkinning = "0"

HKEY_CURRENT_USER\Software\FoxBurnerPlugin
DeviceCount = "0"

HKEY_CURRENT_USER\Software\FoxBurnerPlugin
ShowSettings = "1"

HKEY_CURRENT_USER\Software\FoxBurnerPlugin
Language = "1033"

HKEY_LOCAL_MACHINE\SOFTWARE\FoxBurnerPlugin
FoxPlug = "%Program Files%\FoxBurnerPlugin\FoxPlug.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\FoxBurnerPlugin
Language = "1033"

HKEY_CURRENT_USER\Software\FoxBurnerPlugin
LicenseKey = "E3579-0812F-4B718-916B0-00100-000FE"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
Rollback\Scripts
%System Root%\Config.Msi\32fbf.rbs = "434ebb"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
280FD061CF364EA4EADBD15B8EFC25DD
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%Start Menu%\Programs\ShrinkTo5"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
D379A2A859D08A049A6E444E8CD0A316
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%Program Files%\ShrinkTo5\DVDPl.dll"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
B78108D9E9266BC44801C17622DE6C39
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%Program Files%\ShrinkTo5\Final.wav"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
B6FE163B24F4F2A48B50F710504E536A
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%Program Files%\ShrinkTo5\language.ini"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
FEB1994CE6084AB4D9C34B797778F51E
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%Program Files%\ShrinkTo5\ShrinkTo5.dll"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
C925D6AF2CD9B7849BDD0E7C38DF54AD
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%Program Files%\ShrinkTo5\ShrinkTo5.skf"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
4F193977C30794E42ABA989C9D9D07ED
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%Program Files%\ShrinkTo5\ShrinkTo5Gui.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
3D607B6900529724884E35217A4F2D6D
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%Start Menu%\Programs\ShrinkTo5"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
B027EF26403A4C0408EA3AC204C2EB0C
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%Desktop%"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
3AFF5C8DF1182B6439FC83227EECEE72
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%Program Files%\FoxBurnerPlugin\FoxBurnerU.dll"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
3AFF5C8DF1182B6439FC83227EECEE72
00000000000000000000000000000000 = "%Program Files%\FoxBurnerPlugin\FoxBurnerU.dll"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
1EC388B54B6E4E047B978F669C1B2108
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%Program Files%\FoxBurnerPlugin\FoxPlug.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
1EC388B54B6E4E047B978F669C1B2108
00000000000000000000000000000000 = "%Program Files%\FoxBurnerPlugin\FoxPlug.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
8036BA31FC45F3346800B55124574B50
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%Program Files%\FoxBurnerPlugin\language.ini"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
8036BA31FC45F3346800B55124574B50
00000000000000000000000000000000 = "%Program Files%\FoxBurnerPlugin\language.ini"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
1CC93E8474BA7FB4BA35913F637C3CB8
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%Program Files%\FoxBurnerPlugin\SkinCrafter.dll"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
1CC93E8474BA7FB4BA35913F637C3CB8
00000000000000000000000000000000 = "%Program Files%\FoxBurnerPlugin\SkinCrafter.dll"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
E3FC78781348B4D4D9BA60724C588052
91BFF6DBBFD994F4A9D1093E47CDD0DB = "00:\DVD\Shell\Copy using ShrinkTo5"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
7921FC361FE2FCE43ACF6DFA4A6DD51A
91BFF6DBBFD994F4A9D1093E47CDD0DB = "00:\DVD\Shell\Copy using ShrinkTo5\Command"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
A879FB4C508C3EA4E90F0EE5F9388BCF
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%User Temp%\mia1.tmp\data"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
7D61E4CC7EBFE0A47BD59EA72602773F
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%User Temp%\mia1.tmp\data"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
881FAE10E7EEE7B4285441801AA712BA
91BFF6DBBFD994F4A9D1093E47CDD0DB = "00:\ShrinkTo5"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
F4B2C5476031CB4448B5BA7400606586
91BFF6DBBFD994F4A9D1093E47CDD0DB = "00:\ShrinkTo5\Shell"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
353E3E8EC4BB7E640821B668B49F957E
91BFF6DBBFD994F4A9D1093E47CDD0DB = "00:\ShrinkTo5\Shell\PlayDVDMovieOnArrival_ShrinkTo5"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
C0540D40C1784984D991B8D9AE0E99FA
91BFF6DBBFD994F4A9D1093E47CDD0DB = "00:\ShrinkTo5\Shell\PlayDVDMovieOnArrival_ShrinkTo5\Command"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
C2A4FFD49348ECC49BA1569B70840CA9
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%User Temp%\mia1.tmp\data"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
5BC5D6367268E4F429DB6744C0FFF5BE
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%User Temp%\mia1.tmp\data"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
D6F6AD0BF9FB57742913B2F635DF0A88
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%User Temp%\mia1.tmp\data"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
454243871D8745C4EB7EE7BE3ED3AE92
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%User Temp%\mia1.tmp\data"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
54A15747D9771A4419A14B69EDA8FFDA
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%User Temp%\mia1.tmp\data"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
3CF29DBC968C60D41B090C7CE413C2D5
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%User Temp%\mia1.tmp\data"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
1034C1CAA1E9D0E4BA9734843D79505D
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%User Temp%\mia1.tmp\data"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
AF7510FA705ED0040ACF271FBE37E316
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%User Temp%\mia1.tmp\data"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
6A7EADFAA5339F84DA0D3B77A13747B7
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%User Temp%\mia1.tmp\data"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
D66C10AD6C3EA55428E5687B70C88598
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%User Temp%\mia1.tmp\data"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
CBF1B10E8B5CD204292C9FAA088A746B
91BFF6DBBFD994F4A9D1093E47CDD0DB = "01:\Software\ShrinkTo5"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
FF6BFCE474CFF4A469B3BBA390955F3E
91BFF6DBBFD994F4A9D1093E47CDD0DB = "01:\Software\ShrinkTo5\Options\Language"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\SharedDlls
%System%\BMenuPlg.dll = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
BA7DBE4D9D9D35A4A894C78E5861F10D
91BFF6DBBFD994F4A9D1093E47CDD0DB = "C?\WINDOWS\system32\BMenuPlg.dll"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\SharedDlls
%System%\BMenuPlg.dll = "2"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
BA7DBE4D9D9D35A4A894C78E5861F10D
00000000000000000000000000000000 = "C?\WINDOWS\system32\BMenuPlg.dll"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
6F9D6CD79B9352742A37BB5BD1B9A595
91BFF6DBBFD994F4A9D1093E47CDD0DB = "01:\Software\ShrinkTo5\Options\TargetFolder"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
047606991B7DEC947A9F91DEF3642DB1
91BFF6DBBFD994F4A9D1093E47CDD0DB = "01:\Software\ShrinkTo5\Options\NotifyFile"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
92E20068D31937B46BCC5D7B9E511B54
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%System Root%\ShrinkTo5_Movies"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
F02008B1DFFF2F3449991AEE28F3C02F
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%Start Menu%\Programs\ShrinkTo5"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
BD46C6C4776B99B49B9CCE9EFC3B58EC
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%Start Menu%\Programs\ShrinkTo5"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
6C67BC8359B9A9D469078F58D4710864
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%Start Menu%\Programs\ShrinkTo5"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
Folders
%Start Menu%\Programs\ShrinkTo5 = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
Folders
%Program Files%\ShrinkTo5 = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
Folders
%Program Files%\FoxBurnerPlugin = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
Folders
%System Root%\ShrinkTo5_Movies = "1"

HKEY_CURRENT_USER\Software\ShrinkTo5\
Options
Language = "1033"

HKEY_CURRENT_USER\Software\ShrinkTo5\
Options
TargetFolder = "%System Root%\ShrinkTo5_Movies"

HKEY_CURRENT_USER\Software\ShrinkTo5\
Options
NotifyFile = "DEFAULT"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
AutoplayHandlers\Handlers\ShrinkTo5PlayDVDMovieOnArrival
Action = "Copy DVD Video"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
AutoplayHandlers\Handlers\ShrinkTo5PlayDVDMovieOnArrival
DefaultIcon = "%Program Files%\ShrinkTo5\ShrinkTo5.exe,0 "

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
AutoplayHandlers\Handlers\ShrinkTo5PlayDVDMovieOnArrival
InvokeProgID = "ShrinkTo5"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
AutoplayHandlers\Handlers\ShrinkTo5PlayDVDMovieOnArrival
InvokeVerb = "PlayDVDMovieOnArrival_ShrinkTo5"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
AutoplayHandlers\Handlers\ShrinkTo5PlayDVDMovieOnArrival
Provider = "ShrinkTo5"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\InstallProperties
RegOwner = "{user name}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\InstallProperties
ProductID = "none"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\InstallProperties
LocalPackage = "%Windows%\Installer\32fc0.msi"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\InstallProperties
DisplayVersion = "2.0"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\InstallProperties
InstallDate = "20131014"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\InstallProperties
InstallSource = "%User Temp%\mia1"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\InstallProperties
NoModify = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\InstallProperties
NoRemove = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\InstallProperties
NoRepair = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\InstallProperties
Publisher = "ShrinkTo5"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\InstallProperties
EstimatedSize = "1144"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\InstallProperties
SystemComponent = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\InstallProperties
VersionMajor = "2"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\InstallProperties
VersionMinor = "0"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\InstallProperties
WindowsInstaller = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\InstallProperties
Version = "2"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\InstallProperties
Language = "49"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{BD6FFB19-9DFB-4F49-9A1D-90E374DC0DBD}
DisplayVersion = "2.0"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{BD6FFB19-9DFB-4F49-9A1D-90E374DC0DBD}
InstallDate = "20131014"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{BD6FFB19-9DFB-4F49-9A1D-90E374DC0DBD}
InstallSource = "%User Temp%\mia1"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{BD6FFB19-9DFB-4F49-9A1D-90E374DC0DBD}
NoModify = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{BD6FFB19-9DFB-4F49-9A1D-90E374DC0DBD}
NoRemove = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{BD6FFB19-9DFB-4F49-9A1D-90E374DC0DBD}
NoRepair = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{BD6FFB19-9DFB-4F49-9A1D-90E374DC0DBD}
Publisher = "ShrinkTo5"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{BD6FFB19-9DFB-4F49-9A1D-90E374DC0DBD}
EstimatedSize = "1144"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{BD6FFB19-9DFB-4F49-9A1D-90E374DC0DBD}
SystemComponent = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{BD6FFB19-9DFB-4F49-9A1D-90E374DC0DBD}
VersionMajor = "2"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{BD6FFB19-9DFB-4F49-9A1D-90E374DC0DBD}
VersionMinor = "0"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{BD6FFB19-9DFB-4F49-9A1D-90E374DC0DBD}
WindowsInstaller = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{BD6FFB19-9DFB-4F49-9A1D-90E374DC0DBD}
Version = "2"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{BD6FFB19-9DFB-4F49-9A1D-90E374DC0DBD}
Language = "49"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\InstallProperties
DisplayName = "ShrinkTo5"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{BD6FFB19-9DFB-4F49-9A1D-90E374DC0DBD}
DisplayName = "ShrinkTo5"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\Features
FEATURE_ID = "3E'+7d?3g(Svy?VXB]2d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\Features
{Other Entries} = "{Character values}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\91BFF6DBBFD994F4A9D1093E47CDD0DB
ProductName = "ShrinkTo5"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\91BFF6DBBFD994F4A9D1093E47CDD0DB
PackageCode = "631DFA49FD1EB8A46A144DEBA2A5E853"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\91BFF6DBBFD994F4A9D1093E47CDD0DB
Language = "49"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\91BFF6DBBFD994F4A9D1093E47CDD0DB
Version = "2"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\91BFF6DBBFD994F4A9D1093E47CDD0DB
Assignment = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\91BFF6DBBFD994F4A9D1093E47CDD0DB
AdvertiseFlags = "184"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\91BFF6DBBFD994F4A9D1093E47CDD0DB
InstanceType = "0"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\91BFF6DBBFD994F4A9D1093E47CDD0DB
AuthorizedLUAApp = "0"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\91BFF6DBBFD994F4A9D1093E47CDD0DB\
SourceList
PackageName = "ShrinkTo5Setup.msi"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\91BFF6DBBFD994F4A9D1093E47CDD0DB\
SourceList\Net
1 = "%User Temp%\mia1.tmp\data"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\91BFF6DBBFD994F4A9D1093E47CDD0DB\
SourceList\Net
2 = "%User Temp%\mia1"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\91BFF6DBBFD994F4A9D1093E47CDD0DB\
SourceList\Media
1 = ";"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\91BFF6DBBFD994F4A9D1093E47CDD0DB\
SourceList
LastUsedSource = "n;1;%User Temp%\mia1.tmp\data"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{6BFF058E-54BB-4F36-8E8B-5AA7F8773DC3}\InprocServer32
ThreadingModel = "Apartment"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{4EA52C03-2E34-4F10-9408-B423EC9EAC94}\TypeLib
Version = "1.0"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{DE456C52-809D-427D-BD97-688B0528758C}\TypeLib
Version = "1.0"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{125C3F0B-1073-4783-9A7B-D33E54269CA5}\InprocServer32
ThreadingModel = "Apartment"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{70CBB0D9-96B5-4A67-92FF-64D503F0F83E}\TypeLib
Version = "1.7"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{E66A25D8-CE51-4611-A6CE-D5E08EB33A5C}\InProcServer32
ThreadingModel = "Apartment"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Shell Extensions\
Approved
{E66A25D8-CE51-4611-A6CE-D5E08EB33A5C} = "BMenuPlg"

Propagation

This adware does not have any propagation routine.

Backdoor Routine

This adware does not have any backdoor routine.

NOTES:

The installer mainly installs ShrinkTo5, an application capable of backing up DVD data.

The following images are some steps of the installation process:

The following will determine the 'Path indicated during installation' dropped files:

The following will determine the 'variable dependent on installation'(If option All users of this computer:%All Users Profile% , if Just me:%User Profile%; add '\Microsoft' on the path if Windows Vista and Above) and 'Chosen program name installation' dropped files:

The following indicates that it is now installing:

The installer has a bundled potentially unwanted program upon installation which is dropped on the following:

  • %Program Files%\VVSN\vvsn.cfg - configuration information
  • %Program Files%\VVSN\VVSN.exe

'VVSN.exe' process has defined parameter upon installation to notify and download configuration file.

It notifies installation information on the following URL:

  • http://app.{BLOCKED}enu.com/{BLOCKED}Install?app=VVSN&url=FIVE120501&id={value}&ui=JH

It downloads configuration file from the following URL:

  • http://{BLOCKED}eb.whenu.com/vvsn/FIVE120501/vsn.cfg

However as of this writing, the said sites are inaccessible.

The configuration file may contain information where it can download and save other components.

Upon running 'ShrinkTo5Gui.exe' process, it may connect to the following URL to notify installed version::

  • http://www.{BLOCKED}inkto5.com/version/version.aspx?{parameters}

It does not have rootkit capabilities.

It does not exploit any vulnerability.

  SOLUTION

Minimum Scan Engine:

9.700

SSAPI PATTERN File:

1.566.13

SSAPI PATTERN Date:

14 Nov 2014

Step 1

Before doing any scans, Windows XP, Windows Vista, and Windows 7 users must disable System Restore to allow full scanning of their computers.

Step 2

Note that not all files, folders, and registry keys and entries are installed on your computer during this malware's/spyware's/grayware's execution. This may be due to incomplete installation or other operating system conditions. If you do not find the same files/folders/registry information, please proceed to the next step.

Step 3

Identify and terminate files detected as ADW_WENHU

[ Learn More ]
  1. Windows Task Manager may not display all running processes. In this case, please use a third-party process viewer, preferably Process Explorer, to terminate the malware/grayware/spyware file. You may download the said tool here.
  2. If the detected file is displayed in either Windows Task Manager or Process Explorer but you cannot delete it, restart your computer in safe mode. To do this, refer to this link for the complete steps.
  3. If the detected file is not displayed in either Windows Task Manager or Process Explorer, continue doing the next steps.

Step 4

Remove ADW_WENHU by using its own Uninstall option

[ Learn More ]
To uninstall the grayware process

Step 5

Delete this registry key

[ Learn More ]

Important: Editing the Windows Registry incorrectly can lead to irreversible system malfunction. Please do this step only if you know how or you can ask assistance from your system administrator. Else, check this Microsoft article first before modifying your computer's registry.

  • In HKEY_CURRENT_USER\SOFTWARE
    • MimarSinan
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
    • ShrinkTo5
  • In HKEY_CURRENT_USER\Software
    • FoxBurnerPlugin
  • In HKEY_LOCAL_MACHINE\Software
    • FoxBurnerPlugin
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback
    • Scripts
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
    • F1B496B301445D115AA4000972A8B18B
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
    • 280FD061CF364EA4EADBD15B8EFC25DD
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
    • D379A2A859D08A049A6E444E8CD0A316
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
    • B78108D9E9266BC44801C17622DE6C39
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
    • B6FE163B24F4F2A48B50F710504E536A
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
    • FEB1994CE6084AB4D9C34B797778F51E
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
    • C925D6AF2CD9B7849BDD0E7C38DF54AD
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
    • 4F193977C30794E42ABA989C9D9D07ED
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
    • 3D607B6900529724884E35217A4F2D6D
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
    • B027EF26403A4C0408EA3AC204C2EB0C
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
    • 3AFF5C8DF1182B6439FC83227EECEE72
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
    • 1EC388B54B6E4E047B978F669C1B2108
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
    • 8036BA31FC45F3346800B55124574B50
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
    • 1CC93E8474BA7FB4BA35913F637C3CB8
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
    • E3FC78781348B4D4D9BA60724C588052
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
    • 7921FC361FE2FCE43ACF6DFA4A6DD51A
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
    • A879FB4C508C3EA4E90F0EE5F9388BCF
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
    • 7D61E4CC7EBFE0A47BD59EA72602773F
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
    • 881FAE10E7EEE7B4285441801AA712BA
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
    • F4B2C5476031CB4448B5BA7400606586
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
    • 353E3E8EC4BB7E640821B668B49F957E
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
    • C0540D40C1784984D991B8D9AE0E99FA
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
    • C2A4FFD49348ECC49BA1569B70840CA9
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
    • 5BC5D6367268E4F429DB6744C0FFF5BE
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
    • D6F6AD0BF9FB57742913B2F635DF0A88
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
    • 454243871D8745C4EB7EE7BE3ED3AE92
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
    • 54A15747D9771A4419A14B69EDA8FFDA
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
    • 3CF29DBC968C60D41B090C7CE413C2D5
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
    • 1034C1CAA1E9D0E4BA9734843D79505D
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
    • AF7510FA705ED0040ACF271FBE37E316
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
    • 6A7EADFAA5339F84DA0D3B77A13747B7
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
    • D66C10AD6C3EA55428E5687B70C88598
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
    • CBF1B10E8B5CD204292C9FAA088A746B
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
    • FF6BFCE474CFF4A469B3BBA390955F3E
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
    • BA7DBE4D9D9D35A4A894C78E5861F10D
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
    • 6F9D6CD79B9352742A37BB5BD1B9A595
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
    • 047606991B7DEC947A9F91DEF3642DB1
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
    • 92E20068D31937B46BCC5D7B9E511B54
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
    • F02008B1DFFF2F3449991AEE28F3C02F
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
    • BD46C6C4776B99B49B9CCE9EFC3B58EC
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
    • 6C67BC8359B9A9D469078F58D4710864
  • In HKEY_LOCAL_MACHINE\Software\Classes\DVD\Shell
    • Copy using ShrinkTo5
  • In HKEY_LOCAL_MACHINE\Software\Classes
    • ShrinkTo5
  • In HKEY_LOCAL_MACHINE\Software\Classes\ShrinkTo5\Shell
    • PlayDVDMovieOnArrival_ShrinkTo5
  • In HKEY_CURRENT_USER\Software
    • ShrinkTo5
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers
    • ShrinkTo5PlayDVDMovieOnArrival
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\91BFF6DBBFD994F4A9D1093E47CDD0DB
    • InstallProperties
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
    • {BD6FFB19-9DFB-4F49-9A1D-90E374DC0DBD}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes
    • 81DDE23005491FF42860E9C51B541A54
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\91BFF6DBBFD994F4A9D1093E47CDD0DB
    • Usage
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features
    • 91BFF6DBBFD994F4A9D1093E47CDD0DB
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\91BFF6DBBFD994F4A9D1093E47CDD0DB
    • Features
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\91BFF6DBBFD994F4A9D1093E47CDD0DB
    • Patches
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\91BFF6DBBFD994F4A9D1093E47CDD0DB
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\81DDE23005491FF42860E9C51B541A54
  • In HKEY_CLASSES_ROOT
    • DVDPl.DVDPlayer.1
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes
    • DVDPl.DVDPlayer.1
  • In HKEY_CLASSES_ROOT
    • DVDPl.DVDPlayer
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes
    • DVDPl.DVDPlayer
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID
    • {6BFF058E-54BB-4F36-8E8B-5AA7F8773DC3}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib
    • {08422B56-8367-4C45-BFC5-FFB981A8240A}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
    • {4EA52C03-2E34-4F10-9408-B423EC9EAC94}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
    • {DE456C52-809D-427D-BD97-688B0528758C}
  • In HKEY_CLASSES_ROOT
    • SkinCrafter.SCSkin.1
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes
    • SkinCrafter.SCSkin.1
  • In HKEY_CLASSES_ROOT
    • SkinCrafter.SCSkin
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes
    • SkinCrafter.SCSkin
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID
    • {125C3F0B-1073-4783-9A7B-D33E54269CA5}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib
    • {9DAE9D91-4599-4CCC-B237-F57F807388B5}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
    • {70CBB0D9-96B5-4A67-92FF-64D503F0F83E}
  • In HKEY_CLASSES_ROOT\CLSID
    • {E66A25D8-CE51-4611-A6CE-D5E08EB33A5C}
  • In HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
    • BMenuPlg
  • In HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers
    • BMenuPlg

Step 6

Delete this registry value

[ Learn More ]

Important: Editing the Windows Registry incorrectly can lead to irreversible system malfunction. Please do this step only if you know how or you can ask assistance from your system administrator. Else, check this Microsoft article first before modifying your computer's registry.

  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    • VVSN = "%Program Files%\VVSN\VVSN.exe"

Step 7

Search and delete these folders

[ Learn More ]
Please make sure you check the Search Hidden Files and Folders checkbox in the More advanced options option to include all hidden folders in the search result.
  • {variable dependent on installation}\Start Menu\Programs\{Chosen program name installation}
  • {variable dependent on installation}\Application Data\{94AFD136-E1DF-4A8B-A641-D4BE2A5A8E35}
  • %User Temp%\mia{value}.tmp
  • %Application Data%\Seven Zip
  • %User Temp%\mia1
  • %Program Files%\VVSN
  • {Path indicated during installation}\ShrinkTo5
  • %Program Files%\FoxBurnerPlugin
  • %System Root%\ShrinkTo5_Movies

Step 8

Search and delete this file

[ Learn More ]
There may be some files that are hidden. Please make sure you check the Search Hidden Files and Folders checkbox in the "More advanced options" option to include all hidden files and folders in the search result.
  • {variable dependent on installation}\Desktop\ShrinkTo5Gui.lnk
  • %Windows%\system32\BMenuPlg.dll

Step 9

Scan your computer with your Trend Micro product to delete files detected as ADW_WENHU. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.

NOTES:

Not deleting the file %Windows%\Installer\{random file name}.msi is allowed since said file has no reference.


Did this description help? Tell us how we did.