ADW_WENHU
WebToolbar.Win32.WhenU.a(Kaspersky),Win32/Adware.WhenU.SaveNow application(NOD32)
Windows
Threat Type: Adware
Destructiveness: No
Encrypted: Yes
In the wild: Yes
OVERVIEW
Downloaded from the Internet
This adware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It does not have any propagation routine.
It does not have any backdoor routine.
TECHNICAL DETAILS
4,797,659 bytes
EXE
Yes
14 Nov 2014
Installs programs
Arrival Details
This adware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Installation
This adware drops the following files:
- {variable dependent on installation}\Application Data\{94AFD136-E1DF-4A8B-A641-D4BE2A5A8E35}\instance.dat
- {variable dependent on installation}\Application Data\{94AFD136-E1DF-4A8B-A641-D4BE2A5A8E35}\mia.dll
- {variable dependent on installation}\Application Data\{94AFD136-E1DF-4A8B-A641-D4BE2A5A8E35}\ShrinkTo5Setup.dat
- {variable dependent on installation}\Application Data\{94AFD136-E1DF-4A8B-A641-D4BE2A5A8E35}\ShrinkTo5Setup.exe
- {variable dependent on installation}\Application Data\{94AFD136-E1DF-4A8B-A641-D4BE2A5A8E35}\ShrinkTo5Setup.msi
- {variable dependent on installation}\Application Data\{94AFD136-E1DF-4A8B-A641-D4BE2A5A8E35}\ShrinkTo5Setup.par
- {variable dependent on installation}\Application Data\{94AFD136-E1DF-4A8B-A641-D4BE2A5A8E35}\ShrinkTo5Setup.res
- {variable dependent on installation}\Desktop\ShrinkTo5Gui.lnk
- {variable dependent on installation}\Start Menu\Programs\{Chosen program name installation}\ShrinkTo5 - FAQ (Read this before you ask!).lnk
- {variable dependent on installation}\Start Menu\Programs\{Chosen program name installation}\ShrinkTo5 - Forum.lnk
- {variable dependent on installation}\Start Menu\Programs\{Chosen program name installation}\ShrinkTo5 - Homepage.lnk
- {variable dependent on installation}\Start Menu\Programs\{Chosen program name installation}\ShrinkTo5Gui.lnk
- {variable dependent on installation}\Start Menu\Programs\{Chosen program name installation}\Uninstall ShrinkTo5.lnk
- %Application Data%\Seven Zip\Codecs\7zAes.dll
- %Application Data%\Seven Zip\Codecs\Aes.dll
- %Application Data%\Seven Zip\Codecs\Branch.dll
- %Application Data%\Seven Zip\Codecs\Copy.dll
- %Application Data%\Seven Zip\Codecs\LZMA.dll
- %Application Data%\Seven Zip\Codecs\Swap.dll
- %Application Data%\Seven Zip\Formats\7z.dll
- %Program Files%\FoxBurnerPlugin\FoxBurnerU.dll
- %Program Files%\FoxBurnerPlugin\FoxPlug.exe
- %Program Files%\FoxBurnerPlugin\language.ini
- %Program Files%\FoxBurnerPlugin\SkinCrafter.dll
- {Path indicated during installation}\DVDPl.dll
- {Path indicated during installation}\Final.wav
- {Path indicated during installation}\language.ini
- {Path indicated during installation}\ShrinkTo5.dll
- {Path indicated during installation}\ShrinkTo5.skf
- {Path indicated during installation}\ShrinkTo5Gui.exe
- %Program Files%\VVSN\vvsn.cfg
- %Program Files%\VVSN\VVSN.exe - detected as ADW_WENHU
- %Program Files%\VVSN\URL1\vsn.cfg
- %Windows%\Installer\{random file name}.msi
- %Windows%\system32\BMenuPlg.dll
- %User Temp%\mia1\componentstree.dfm - will be deleted after installation
- %User Temp%\mia1\componentstree.dfm.miaf - will be deleted after installation
- %User Temp%\mia1\destination.dfm - will be deleted after installation
- %User Temp%\mia1\destination.dfm.miaf - will be deleted after installation
- %User Temp%\mia1\finish.dfm - will be deleted after installation
- %User Temp%\mia1\finish.dfm.miaf - will be deleted after installation
- %User Temp%\mia1\license.rtf - will be deleted after installation
- %User Temp%\mia1\licensecheck.dfm - will be deleted after installation
- %User Temp%\mia1\licensecheck.dfm.miaf - will be deleted after installation
- %User Temp%\mia1\maintenance.dfm - will be deleted after installation
- %User Temp%\mia1\maintenance.dfm.miaf - will be deleted after installation
- %User Temp%\mia1\mMSIExec.dll - will be deleted after installation
- %User Temp%\mia1\mWinRunExec.dll - will be deleted after installation
- %User Temp%\mia1\{other component files} - will be deleted after installation
- %User Temp%\mia{value}.tmp\data\Microsoft Windows Installer 2.0\mWinRun.dll\mWinRunExec.dll
- %User Temp%\mia{value}.tmp\data\Microsoft Windows Installer 2.0\mWinRun.dll\unicode\cabinet.dll
- %User Temp%\mia{value}.tmp\data\Microsoft Windows Installer 2.0\mWinRun.dll\unicode\imagehlp.dll
- %User Temp%\mia{value}.tmp\data\Microsoft Windows Installer 2.0\mWinRun.dll\unicode\instmsi.msi
- %User Temp%\mia{value}.tmp\data\Microsoft Windows Installer 2.0\mWinRun.dll\unicode\msi.cat
- %User Temp%\mia{value}.tmp\data\Microsoft Windows Installer 2.0\mWinRun.dll\unicode\msi.dll
- %User Temp%\mia{value}.tmp\data\Microsoft Windows Installer 2.0\mWinRun.dll\unicode\msi.inf
- %User Temp%\mia{value}.tmp\data\Microsoft Windows Installer 2.0\mWinRun.dll\unicode\msiexec.exe
- %User Temp%\mia{value}.tmp\data\Microsoft Windows Installer 2.0\mWinRun.dll\unicode\{Other component files}
- %User Temp%\mia{value}.tmp\data\mMSI.dll\mMSIExec.dll
- %User Temp%\mia{value}.tmp\data\mWinRun.dll\mWinRunExec.dll
- %User Temp%\mia{value}.tmp\data\OFFLINE\{Other folders created}\{File content}
- %User Temp%\mia{value}.tmp\data\ShrinkTo5Setup.msi
- %User Temp%\mia{value}.tmp\data\{BD6FFB19-9DFB-4F49-9A1D-90E374DC0DBD}
- %User Temp%\mia{value}.tmp\mia.dll
- %User Temp%\mia{value}.tmp\ShrinkTo5Setup.exe
- %User Temp%\mia{value}.tmp\ShrinkTo5Setup.msi
- %User Temp%\mia{value}.tmp\ShrinkTo5Setup.res
(Note: %Application Data% is the Application Data folder, where it usually is C:\Documents and Settings\{user name}\Application Data on Windows 2000, Windows Server 2003, and Windows XP (32- and 64-bit); C:\Users\{user name}\AppData\Roaming on Windows Vista (32- and 64-bit), Windows 7 (32- and 64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows Server 2008, and Windows Server 2012.. %Program Files% is the Program Files folder, where it usually is C:\Program Files on all Windows operating system versions; C:\Program Files (x86) for 32-bit applications running on Windows 64-bit operating systems.. %Windows% is the Windows folder, where it usually is C:\Windows on all Windows operating system versions.. %User Temp% is the user's temporary folder, where it usually is C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000, Windows Server 2003, and Windows XP (32- and 64-bit); C:\Users\{user name}\AppData\Local\Temp on Windows Vista (32- and 64-bit), Windows 7 (32- and 64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows Server 2008, and Windows Server 2012.)
It creates the following folders:
- {variable dependent on installation}\Start Menu\Programs\{Chosen program name installation}
- {variable dependent on installation}\Application Data\{94AFD136-E1DF-4A8B-A641-D4BE2A5A8E35}
- %User Temp%\mia{value}.tmp
- %User Temp%\mia{value}.tmp\data
- %User Temp%\mia{value}.tmp\data\Microsoft Windows Installer 2.0
- %User Temp%\mia{value}.tmp\data\Microsoft Windows Installer 2.0\mWinRun.dll
- %User Temp%\mia{value}.tmp\data\Microsoft Windows Installer 2.0\mWinRun.dll\ansi
- %User Temp%\mia{value}.tmp\data\Microsoft Windows Installer 2.0\mWinRun.dll\unicode
- %User Temp%\mia{value}.tmp\data\mMSI.dll
- %User Temp%\mia{value}.tmp\data\mWinRun.dll
- %User Temp%\mia{value}.tmp\data\OFFLINE
- %User Temp%\mia{value}.tmp\data\OFFLINE\{Other folders created}
- %Application Data%\Seven Zip
- %Application Data%\Seven Zip\Codecs
- %Application Data%\Seven Zip\Formats
- %User Temp%\mia1
- %Program Files%\VVSN
- %Program Files%\VVSN\URL1
- {Path indicated during installation}\ShrinkTo5
- %Program Files%\FoxBurnerPlugin
- %System Root%\ShrinkTo5_Movies
(Note: %User Temp% is the user's temporary folder, where it usually is C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000, Windows Server 2003, and Windows XP (32- and 64-bit); C:\Users\{user name}\AppData\Local\Temp on Windows Vista (32- and 64-bit), Windows 7 (32- and 64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows Server 2008, and Windows Server 2012.. %Application Data% is the Application Data folder, where it usually is C:\Documents and Settings\{user name}\Application Data on Windows 2000, Windows Server 2003, and Windows XP (32- and 64-bit); C:\Users\{user name}\AppData\Roaming on Windows Vista (32- and 64-bit), Windows 7 (32- and 64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows Server 2008, and Windows Server 2012.. %Program Files% is the Program Files folder, where it usually is C:\Program Files on all Windows operating system versions; C:\Program Files (x86) for 32-bit applications running on Windows 64-bit operating systems.. %System Root% is the Windows root folder, where it usually is C:\ on all Windows operating system versions.)
It adds the following mutexes to ensure that only one of its copies runs at any one time:
- WhenU_VVSN_1_0_SharedMutex <-- VVSN.exe process
Autostart Technique
This adware adds the following registry entries to enable its automatic execution at every system startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
VVSN = "%Program Files%\VVSN\VVSN.exe"
Other System Modifications
This adware adds the following registry keys:
HKEY_CURRENT_USER\SOFTWARE\MimarSinan\
InstallAware\Seven Zip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
ShrinkTo5
HKEY_LOCAL_MACHINE\SOFTWARE\MimarSinan\
InstallAware\Ident.Cache\{BD6FFB19-9DFB-4F49-9A1D-90E374DC0DBD}
HKEY_CURRENT_USER\Software\FoxBurnerPlugin
HKEY_LOCAL_MACHINE\Software\FoxBurnerPlugin
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows\CurrentVersion\Installer\
InProgress
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows\CurrentVersion\Installer\
Rollback\Scripts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
F1B496B301445D115AA4000972A8B18B
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
280FD061CF364EA4EADBD15B8EFC25DD
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
D379A2A859D08A049A6E444E8CD0A316
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
B78108D9E9266BC44801C17622DE6C39
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
B6FE163B24F4F2A48B50F710504E536A
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
FEB1994CE6084AB4D9C34B797778F51E
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
C925D6AF2CD9B7849BDD0E7C38DF54AD
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
4F193977C30794E42ABA989C9D9D07ED
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
3D607B6900529724884E35217A4F2D6D
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
B027EF26403A4C0408EA3AC204C2EB0C
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
3AFF5C8DF1182B6439FC83227EECEE72
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
1EC388B54B6E4E047B978F669C1B2108
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
8036BA31FC45F3346800B55124574B50
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
1CC93E8474BA7FB4BA35913F637C3CB8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
E3FC78781348B4D4D9BA60724C588052
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
7921FC361FE2FCE43ACF6DFA4A6DD51A
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
A879FB4C508C3EA4E90F0EE5F9388BCF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
7D61E4CC7EBFE0A47BD59EA72602773F
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
881FAE10E7EEE7B4285441801AA712BA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
F4B2C5476031CB4448B5BA7400606586
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
353E3E8EC4BB7E640821B668B49F957E
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
C0540D40C1784984D991B8D9AE0E99FA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
C2A4FFD49348ECC49BA1569B70840CA9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
5BC5D6367268E4F429DB6744C0FFF5BE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
D6F6AD0BF9FB57742913B2F635DF0A88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
454243871D8745C4EB7EE7BE3ED3AE92
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
54A15747D9771A4419A14B69EDA8FFDA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
3CF29DBC968C60D41B090C7CE413C2D5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
1034C1CAA1E9D0E4BA9734843D79505D
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
AF7510FA705ED0040ACF271FBE37E316
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
6A7EADFAA5339F84DA0D3B77A13747B7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
D66C10AD6C3EA55428E5687B70C88598
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
CBF1B10E8B5CD204292C9FAA088A746B
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
FF6BFCE474CFF4A469B3BBA390955F3E
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
BA7DBE4D9D9D35A4A894C78E5861F10D
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
6F9D6CD79B9352742A37BB5BD1B9A595
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
047606991B7DEC947A9F91DEF3642DB1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
92E20068D31937B46BCC5D7B9E511B54
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
F02008B1DFFF2F3449991AEE28F3C02F
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
BD46C6C4776B99B49B9CCE9EFC3B58EC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
6C67BC8359B9A9D469078F58D4710864
HKEY_LOCAL_MACHINE\Software\Classes\
DVD\Shell\Copy using ShrinkTo5
HKEY_LOCAL_MACHINE\Software\Classes\
DVD\Shell\Copy using ShrinkTo5\
Command
HKEY_LOCAL_MACHINE\Software\Classes\
ShrinkTo5
HKEY_LOCAL_MACHINE\Software\Classes\
ShrinkTo5\Shell
HKEY_LOCAL_MACHINE\Software\Classes\
ShrinkTo5\Shell\PlayDVDMovieOnArrival_ShrinkTo5
HKEY_LOCAL_MACHINE\Software\Classes\
ShrinkTo5\Shell\PlayDVDMovieOnArrival_ShrinkTo5\
Command
HKEY_CURRENT_USER\Software\ShrinkTo5
HKEY_CURRENT_USER\Software\ShrinkTo5\
Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
AutoplayHandlers\Handlers\ShrinkTo5PlayDVDMovieOnArrival
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\InstallProperties
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows\CurrentVersion\Uninstall\
{BD6FFB19-9DFB-4F49-9A1D-90E374DC0DBD}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows\CurrentVersion\Installer\
UpgradeCodes\81DDE23005491FF42860E9C51B541A54
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\Usage
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Features\91BFF6DBBFD994F4A9D1093E47CDD0DB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\Features
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\Patches
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\91BFF6DBBFD994F4A9D1093E47CDD0DB
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\UpgradeCodes\81DDE23005491FF42860E9C51B541A54
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\91BFF6DBBFD994F4A9D1093E47CDD0DB\
SourceList
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\91BFF6DBBFD994F4A9D1093E47CDD0DB\
SourceList\Net
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\91BFF6DBBFD994F4A9D1093E47CDD0DB\
SourceList\Media
HKEY_CLASSES_ROOT\DVDPl.DVDPlayer.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
DVDPl.DVDPlayer.1\CLSID
HKEY_CLASSES_ROOT\DVDPl.DVDPlayer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
DVDPl.DVDPlayer\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
DVDPl.DVDPlayer\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{6BFF058E-54BB-4F36-8E8B-5AA7F8773DC3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{6BFF058E-54BB-4F36-8E8B-5AA7F8773DC3}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{6BFF058E-54BB-4F36-8E8B-5AA7F8773DC3}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{6BFF058E-54BB-4F36-8E8B-5AA7F8773DC3}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{6BFF058E-54BB-4F36-8E8B-5AA7F8773DC3}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{6BFF058E-54BB-4F36-8E8B-5AA7F8773DC3}\Control
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{6BFF058E-54BB-4F36-8E8B-5AA7F8773DC3}\Insertable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{6BFF058E-54BB-4F36-8E8B-5AA7F8773DC3}\ToolboxBitmap32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{6BFF058E-54BB-4F36-8E8B-5AA7F8773DC3}\MiscStatus
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{6BFF058E-54BB-4F36-8E8B-5AA7F8773DC3}\MiscStatus\
1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{6BFF058E-54BB-4F36-8E8B-5AA7F8773DC3}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{6BFF058E-54BB-4F36-8E8B-5AA7F8773DC3}\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{08422B56-8367-4C45-BFC5-FFB981A8240A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{08422B56-8367-4C45-BFC5-FFB981A8240A}\1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{08422B56-8367-4C45-BFC5-FFB981A8240A}\1.0\
FLAGS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{08422B56-8367-4C45-BFC5-FFB981A8240A}\1.0\
0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{08422B56-8367-4C45-BFC5-FFB981A8240A}\1.0\
0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{08422B56-8367-4C45-BFC5-FFB981A8240A}\1.0\
HELPDIR
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{4EA52C03-2E34-4F10-9408-B423EC9EAC94}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{4EA52C03-2E34-4F10-9408-B423EC9EAC94}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{4EA52C03-2E34-4F10-9408-B423EC9EAC94}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{4EA52C03-2E34-4F10-9408-B423EC9EAC94}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{DE456C52-809D-427D-BD97-688B0528758C}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{DE456C52-809D-427D-BD97-688B0528758C}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{DE456C52-809D-427D-BD97-688B0528758C}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{DE456C52-809D-427D-BD97-688B0528758C}\TypeLib
HKEY_CLASSES_ROOT\SkinCrafter.SCSkin.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SkinCrafter.SCSkin.1\CLSID
HKEY_CLASSES_ROOT\SkinCrafter.SCSkin
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SkinCrafter.SCSkin\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SkinCrafter.SCSkin\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{125C3F0B-1073-4783-9A7B-D33E54269CA5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{125C3F0B-1073-4783-9A7B-D33E54269CA5}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{125C3F0B-1073-4783-9A7B-D33E54269CA5}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{125C3F0B-1073-4783-9A7B-D33E54269CA5}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{125C3F0B-1073-4783-9A7B-D33E54269CA5}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{125C3F0B-1073-4783-9A7B-D33E54269CA5}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{9DAE9D91-4599-4CCC-B237-F57F807388B5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{9DAE9D91-4599-4CCC-B237-F57F807388B5}\1.7
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{9DAE9D91-4599-4CCC-B237-F57F807388B5}\1.7\
FLAGS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{9DAE9D91-4599-4CCC-B237-F57F807388B5}\1.7\
0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{9DAE9D91-4599-4CCC-B237-F57F807388B5}\1.7\
0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{9DAE9D91-4599-4CCC-B237-F57F807388B5}\1.7\
HELPDIR
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{70CBB0D9-96B5-4A67-92FF-64D503F0F83E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{70CBB0D9-96B5-4A67-92FF-64D503F0F83E}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{70CBB0D9-96B5-4A67-92FF-64D503F0F83E}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{70CBB0D9-96B5-4A67-92FF-64D503F0F83E}\TypeLib
HKEY_CLASSES_ROOT\CLSID\{E66A25D8-CE51-4611-A6CE-D5E08EB33A5C}
HKEY_CLASSES_ROOT\CLSID\{E66A25D8-CE51-4611-A6CE-D5E08EB33A5C}\
InProcServer32
HKEY_CLASSES_ROOT\*\shellex\
ContextMenuHandlers\BMenuPlg
HKEY_CLASSES_ROOT\Folder\shellex\
ContextMenuHandlers\BMenuPlg
HKEY_CURRENT_USER\SOFTWARE\MimarSinan
HKEY_CURRENT_USER\SOFTWARE\MimarSinan\
InstallAware
It adds the following registry entries:
HKEY_CURRENT_USER\Software\MimarSinan\
InstallAware\Seven Zip
Path = "%User Profile%\Application Data\Seven Zip"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
ShrinkTo5
DisplayIcon = "%All Users' Application Data%\{94AFD136-E1DF-4A8B-A641-D4BE2A5A8E35}\ShrinkTo5Setup.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
ShrinkTo5
DisplayName = "ShrinkTo5"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
ShrinkTo5
UninstallString = "{random characters}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
ShrinkTo5
ModifyPath = "%All Users' Application Data%\{94AFD136-E1DF-4A8B-A641-D4BE2A5A8E35}\ShrinkTo5Setup.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
ShrinkTo5
Publisher = "ShrinkTo5"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
ShrinkTo5
Contact = "ShrinkTo5"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
ShrinkTo5
URLUpdateInfo = "http://www.{BLOCKED}to5.com"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
ShrinkTo5
Comments = "All rights reserved"
HKEY_CURRENT_USER\Software\FoxBurnerPlugin
DialogLabel = "FoxBurner Plugin"
HKEY_CURRENT_USER\Software\FoxBurnerPlugin
DoSkinning = "0"
HKEY_CURRENT_USER\Software\FoxBurnerPlugin
DeviceCount = "0"
HKEY_CURRENT_USER\Software\FoxBurnerPlugin
ShowSettings = "1"
HKEY_CURRENT_USER\Software\FoxBurnerPlugin
Language = "1033"
HKEY_LOCAL_MACHINE\SOFTWARE\FoxBurnerPlugin
FoxPlug = "%Program Files%\FoxBurnerPlugin\FoxPlug.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\FoxBurnerPlugin
Language = "1033"
HKEY_CURRENT_USER\Software\FoxBurnerPlugin
LicenseKey = "E3579-0812F-4B718-916B0-00100-000FE"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
Rollback\Scripts
%System Root%\Config.Msi\32fbf.rbs = "434ebb"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
280FD061CF364EA4EADBD15B8EFC25DD
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%Start Menu%\Programs\ShrinkTo5"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
D379A2A859D08A049A6E444E8CD0A316
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%Program Files%\ShrinkTo5\DVDPl.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
B78108D9E9266BC44801C17622DE6C39
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%Program Files%\ShrinkTo5\Final.wav"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
B6FE163B24F4F2A48B50F710504E536A
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%Program Files%\ShrinkTo5\language.ini"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
FEB1994CE6084AB4D9C34B797778F51E
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%Program Files%\ShrinkTo5\ShrinkTo5.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
C925D6AF2CD9B7849BDD0E7C38DF54AD
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%Program Files%\ShrinkTo5\ShrinkTo5.skf"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
4F193977C30794E42ABA989C9D9D07ED
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%Program Files%\ShrinkTo5\ShrinkTo5Gui.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
3D607B6900529724884E35217A4F2D6D
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%Start Menu%\Programs\ShrinkTo5"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
B027EF26403A4C0408EA3AC204C2EB0C
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%Desktop%"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
3AFF5C8DF1182B6439FC83227EECEE72
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%Program Files%\FoxBurnerPlugin\FoxBurnerU.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
3AFF5C8DF1182B6439FC83227EECEE72
00000000000000000000000000000000 = "%Program Files%\FoxBurnerPlugin\FoxBurnerU.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
1EC388B54B6E4E047B978F669C1B2108
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%Program Files%\FoxBurnerPlugin\FoxPlug.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
1EC388B54B6E4E047B978F669C1B2108
00000000000000000000000000000000 = "%Program Files%\FoxBurnerPlugin\FoxPlug.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
8036BA31FC45F3346800B55124574B50
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%Program Files%\FoxBurnerPlugin\language.ini"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
8036BA31FC45F3346800B55124574B50
00000000000000000000000000000000 = "%Program Files%\FoxBurnerPlugin\language.ini"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
1CC93E8474BA7FB4BA35913F637C3CB8
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%Program Files%\FoxBurnerPlugin\SkinCrafter.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
1CC93E8474BA7FB4BA35913F637C3CB8
00000000000000000000000000000000 = "%Program Files%\FoxBurnerPlugin\SkinCrafter.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
E3FC78781348B4D4D9BA60724C588052
91BFF6DBBFD994F4A9D1093E47CDD0DB = "00:\DVD\Shell\Copy using ShrinkTo5"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
7921FC361FE2FCE43ACF6DFA4A6DD51A
91BFF6DBBFD994F4A9D1093E47CDD0DB = "00:\DVD\Shell\Copy using ShrinkTo5\Command"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
A879FB4C508C3EA4E90F0EE5F9388BCF
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%User Temp%\mia1.tmp\data"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
7D61E4CC7EBFE0A47BD59EA72602773F
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%User Temp%\mia1.tmp\data"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
881FAE10E7EEE7B4285441801AA712BA
91BFF6DBBFD994F4A9D1093E47CDD0DB = "00:\ShrinkTo5"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
F4B2C5476031CB4448B5BA7400606586
91BFF6DBBFD994F4A9D1093E47CDD0DB = "00:\ShrinkTo5\Shell"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
353E3E8EC4BB7E640821B668B49F957E
91BFF6DBBFD994F4A9D1093E47CDD0DB = "00:\ShrinkTo5\Shell\PlayDVDMovieOnArrival_ShrinkTo5"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
C0540D40C1784984D991B8D9AE0E99FA
91BFF6DBBFD994F4A9D1093E47CDD0DB = "00:\ShrinkTo5\Shell\PlayDVDMovieOnArrival_ShrinkTo5\Command"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
C2A4FFD49348ECC49BA1569B70840CA9
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%User Temp%\mia1.tmp\data"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
5BC5D6367268E4F429DB6744C0FFF5BE
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%User Temp%\mia1.tmp\data"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
D6F6AD0BF9FB57742913B2F635DF0A88
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%User Temp%\mia1.tmp\data"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
454243871D8745C4EB7EE7BE3ED3AE92
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%User Temp%\mia1.tmp\data"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
54A15747D9771A4419A14B69EDA8FFDA
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%User Temp%\mia1.tmp\data"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
3CF29DBC968C60D41B090C7CE413C2D5
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%User Temp%\mia1.tmp\data"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
1034C1CAA1E9D0E4BA9734843D79505D
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%User Temp%\mia1.tmp\data"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
AF7510FA705ED0040ACF271FBE37E316
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%User Temp%\mia1.tmp\data"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
6A7EADFAA5339F84DA0D3B77A13747B7
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%User Temp%\mia1.tmp\data"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
D66C10AD6C3EA55428E5687B70C88598
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%User Temp%\mia1.tmp\data"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
CBF1B10E8B5CD204292C9FAA088A746B
91BFF6DBBFD994F4A9D1093E47CDD0DB = "01:\Software\ShrinkTo5"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
FF6BFCE474CFF4A469B3BBA390955F3E
91BFF6DBBFD994F4A9D1093E47CDD0DB = "01:\Software\ShrinkTo5\Options\Language"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\SharedDlls
%System%\BMenuPlg.dll = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
BA7DBE4D9D9D35A4A894C78E5861F10D
91BFF6DBBFD994F4A9D1093E47CDD0DB = "C?\WINDOWS\system32\BMenuPlg.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\SharedDlls
%System%\BMenuPlg.dll = "2"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
BA7DBE4D9D9D35A4A894C78E5861F10D
00000000000000000000000000000000 = "C?\WINDOWS\system32\BMenuPlg.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
6F9D6CD79B9352742A37BB5BD1B9A595
91BFF6DBBFD994F4A9D1093E47CDD0DB = "01:\Software\ShrinkTo5\Options\TargetFolder"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
047606991B7DEC947A9F91DEF3642DB1
91BFF6DBBFD994F4A9D1093E47CDD0DB = "01:\Software\ShrinkTo5\Options\NotifyFile"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
92E20068D31937B46BCC5D7B9E511B54
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%System Root%\ShrinkTo5_Movies"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
F02008B1DFFF2F3449991AEE28F3C02F
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%Start Menu%\Programs\ShrinkTo5"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
BD46C6C4776B99B49B9CCE9EFC3B58EC
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%Start Menu%\Programs\ShrinkTo5"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
6C67BC8359B9A9D469078F58D4710864
91BFF6DBBFD994F4A9D1093E47CDD0DB = "%Start Menu%\Programs\ShrinkTo5"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
Folders
%Start Menu%\Programs\ShrinkTo5 = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
Folders
%Program Files%\ShrinkTo5 = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
Folders
%Program Files%\FoxBurnerPlugin = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
Folders
%System Root%\ShrinkTo5_Movies = "1"
HKEY_CURRENT_USER\Software\ShrinkTo5\
Options
Language = "1033"
HKEY_CURRENT_USER\Software\ShrinkTo5\
Options
TargetFolder = "%System Root%\ShrinkTo5_Movies"
HKEY_CURRENT_USER\Software\ShrinkTo5\
Options
NotifyFile = "DEFAULT"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
AutoplayHandlers\Handlers\ShrinkTo5PlayDVDMovieOnArrival
Action = "Copy DVD Video"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
AutoplayHandlers\Handlers\ShrinkTo5PlayDVDMovieOnArrival
DefaultIcon = "%Program Files%\ShrinkTo5\ShrinkTo5.exe,0 "
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
AutoplayHandlers\Handlers\ShrinkTo5PlayDVDMovieOnArrival
InvokeProgID = "ShrinkTo5"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
AutoplayHandlers\Handlers\ShrinkTo5PlayDVDMovieOnArrival
InvokeVerb = "PlayDVDMovieOnArrival_ShrinkTo5"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
AutoplayHandlers\Handlers\ShrinkTo5PlayDVDMovieOnArrival
Provider = "ShrinkTo5"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\InstallProperties
RegOwner = "{user name}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\InstallProperties
ProductID = "none"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\InstallProperties
LocalPackage = "%Windows%\Installer\32fc0.msi"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\InstallProperties
DisplayVersion = "2.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\InstallProperties
InstallDate = "20131014"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\InstallProperties
InstallSource = "%User Temp%\mia1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\InstallProperties
NoModify = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\InstallProperties
NoRemove = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\InstallProperties
NoRepair = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\InstallProperties
Publisher = "ShrinkTo5"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\InstallProperties
EstimatedSize = "1144"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\InstallProperties
SystemComponent = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\InstallProperties
VersionMajor = "2"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\InstallProperties
VersionMinor = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\InstallProperties
WindowsInstaller = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\InstallProperties
Version = "2"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\InstallProperties
Language = "49"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{BD6FFB19-9DFB-4F49-9A1D-90E374DC0DBD}
DisplayVersion = "2.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{BD6FFB19-9DFB-4F49-9A1D-90E374DC0DBD}
InstallDate = "20131014"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{BD6FFB19-9DFB-4F49-9A1D-90E374DC0DBD}
InstallSource = "%User Temp%\mia1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{BD6FFB19-9DFB-4F49-9A1D-90E374DC0DBD}
NoModify = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{BD6FFB19-9DFB-4F49-9A1D-90E374DC0DBD}
NoRemove = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{BD6FFB19-9DFB-4F49-9A1D-90E374DC0DBD}
NoRepair = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{BD6FFB19-9DFB-4F49-9A1D-90E374DC0DBD}
Publisher = "ShrinkTo5"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{BD6FFB19-9DFB-4F49-9A1D-90E374DC0DBD}
EstimatedSize = "1144"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{BD6FFB19-9DFB-4F49-9A1D-90E374DC0DBD}
SystemComponent = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{BD6FFB19-9DFB-4F49-9A1D-90E374DC0DBD}
VersionMajor = "2"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{BD6FFB19-9DFB-4F49-9A1D-90E374DC0DBD}
VersionMinor = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{BD6FFB19-9DFB-4F49-9A1D-90E374DC0DBD}
WindowsInstaller = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{BD6FFB19-9DFB-4F49-9A1D-90E374DC0DBD}
Version = "2"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{BD6FFB19-9DFB-4F49-9A1D-90E374DC0DBD}
Language = "49"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\InstallProperties
DisplayName = "ShrinkTo5"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{BD6FFB19-9DFB-4F49-9A1D-90E374DC0DBD}
DisplayName = "ShrinkTo5"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\Features
FEATURE_ID = "3E'+7d?3g(Svy?VXB]2d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
91BFF6DBBFD994F4A9D1093E47CDD0DB\Features
{Other Entries} = "{Character values}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\91BFF6DBBFD994F4A9D1093E47CDD0DB
ProductName = "ShrinkTo5"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\91BFF6DBBFD994F4A9D1093E47CDD0DB
PackageCode = "631DFA49FD1EB8A46A144DEBA2A5E853"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\91BFF6DBBFD994F4A9D1093E47CDD0DB
Language = "49"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\91BFF6DBBFD994F4A9D1093E47CDD0DB
Version = "2"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\91BFF6DBBFD994F4A9D1093E47CDD0DB
Assignment = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\91BFF6DBBFD994F4A9D1093E47CDD0DB
AdvertiseFlags = "184"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\91BFF6DBBFD994F4A9D1093E47CDD0DB
InstanceType = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\91BFF6DBBFD994F4A9D1093E47CDD0DB
AuthorizedLUAApp = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\91BFF6DBBFD994F4A9D1093E47CDD0DB\
SourceList
PackageName = "ShrinkTo5Setup.msi"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\91BFF6DBBFD994F4A9D1093E47CDD0DB\
SourceList\Net
1 = "%User Temp%\mia1.tmp\data"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\91BFF6DBBFD994F4A9D1093E47CDD0DB\
SourceList\Net
2 = "%User Temp%\mia1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\91BFF6DBBFD994F4A9D1093E47CDD0DB\
SourceList\Media
1 = ";"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\91BFF6DBBFD994F4A9D1093E47CDD0DB\
SourceList
LastUsedSource = "n;1;%User Temp%\mia1.tmp\data"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{6BFF058E-54BB-4F36-8E8B-5AA7F8773DC3}\InprocServer32
ThreadingModel = "Apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{4EA52C03-2E34-4F10-9408-B423EC9EAC94}\TypeLib
Version = "1.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{DE456C52-809D-427D-BD97-688B0528758C}\TypeLib
Version = "1.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{125C3F0B-1073-4783-9A7B-D33E54269CA5}\InprocServer32
ThreadingModel = "Apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{70CBB0D9-96B5-4A67-92FF-64D503F0F83E}\TypeLib
Version = "1.7"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{E66A25D8-CE51-4611-A6CE-D5E08EB33A5C}\InProcServer32
ThreadingModel = "Apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Shell Extensions\
Approved
{E66A25D8-CE51-4611-A6CE-D5E08EB33A5C} = "BMenuPlg"
Propagation
This adware does not have any propagation routine.
Backdoor Routine
This adware does not have any backdoor routine.
NOTES:
The installer mainly installs ShrinkTo5, an application capable of backing up DVD data.
The following images are some steps of the installation process:
The following will determine the 'Path indicated during installation' dropped files:
The following will determine the 'variable dependent on installation'(If option All users of this computer:%All Users Profile% , if Just me:%User Profile%; add '\Microsoft' on the path if Windows Vista and Above) and 'Chosen program name installation' dropped files:
The following indicates that it is now installing:
The installer has a bundled potentially unwanted program upon installation which is dropped on the following:
- %Program Files%\VVSN\vvsn.cfg - configuration information
- %Program Files%\VVSN\VVSN.exe
'VVSN.exe' process has defined parameter upon installation to notify and download configuration file.
It notifies installation information on the following URL:
- http://app.{BLOCKED}enu.com/{BLOCKED}Install?app=VVSN&url=FIVE120501&id={value}&ui=JH
It downloads configuration file from the following URL:
- http://{BLOCKED}eb.whenu.com/vvsn/FIVE120501/vsn.cfg
However as of this writing, the said sites are inaccessible.
The configuration file may contain information where it can download and save other components.
Upon running 'ShrinkTo5Gui.exe' process, it may connect to the following URL to notify installed version::
- http://www.{BLOCKED}inkto5.com/version/version.aspx?{parameters}
It does not have rootkit capabilities.
It does not exploit any vulnerability.
SOLUTION
9.700
1.566.13
14 Nov 2014
Step 1
Before doing any scans, Windows XP, Windows Vista, and Windows 7 users must disable System Restore to allow full scanning of their computers.
Step 2
Note that not all files, folders, and registry keys and entries are installed on your computer during this malware's/spyware's/grayware's execution. This may be due to incomplete installation or other operating system conditions. If you do not find the same files/folders/registry information, please proceed to the next step.
Step 3
Identify and terminate files detected as ADW_WENHU
- Windows Task Manager may not display all running processes. In this case, please use a third-party process viewer, preferably Process Explorer, to terminate the malware/grayware/spyware file. You may download the said tool here.
- If the detected file is displayed in either Windows Task Manager or Process Explorer but you cannot delete it, restart your computer in safe mode. To do this, refer to this link for the complete steps.
- If the detected file is not displayed in either Windows Task Manager or Process Explorer, continue doing the next steps.
Step 4
Remove ADW_WENHU by using its own Uninstall option
Step 5
Delete this registry key
Important: Editing the Windows Registry incorrectly can lead to irreversible system malfunction. Please do this step only if you know how or you can ask assistance from your system administrator. Else, check this Microsoft article first before modifying your computer's registry.
- In HKEY_CURRENT_USER\SOFTWARE
- MimarSinan
- MimarSinan
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
- ShrinkTo5
- ShrinkTo5
- In HKEY_CURRENT_USER\Software
- FoxBurnerPlugin
- FoxBurnerPlugin
- In HKEY_LOCAL_MACHINE\Software
- FoxBurnerPlugin
- FoxBurnerPlugin
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback
- Scripts
- Scripts
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
- F1B496B301445D115AA4000972A8B18B
- F1B496B301445D115AA4000972A8B18B
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
- 280FD061CF364EA4EADBD15B8EFC25DD
- 280FD061CF364EA4EADBD15B8EFC25DD
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
- D379A2A859D08A049A6E444E8CD0A316
- D379A2A859D08A049A6E444E8CD0A316
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
- B78108D9E9266BC44801C17622DE6C39
- B78108D9E9266BC44801C17622DE6C39
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
- B6FE163B24F4F2A48B50F710504E536A
- B6FE163B24F4F2A48B50F710504E536A
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
- FEB1994CE6084AB4D9C34B797778F51E
- FEB1994CE6084AB4D9C34B797778F51E
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
- C925D6AF2CD9B7849BDD0E7C38DF54AD
- C925D6AF2CD9B7849BDD0E7C38DF54AD
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
- 4F193977C30794E42ABA989C9D9D07ED
- 4F193977C30794E42ABA989C9D9D07ED
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
- 3D607B6900529724884E35217A4F2D6D
- 3D607B6900529724884E35217A4F2D6D
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
- B027EF26403A4C0408EA3AC204C2EB0C
- B027EF26403A4C0408EA3AC204C2EB0C
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
- 3AFF5C8DF1182B6439FC83227EECEE72
- 3AFF5C8DF1182B6439FC83227EECEE72
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
- 1EC388B54B6E4E047B978F669C1B2108
- 1EC388B54B6E4E047B978F669C1B2108
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
- 8036BA31FC45F3346800B55124574B50
- 8036BA31FC45F3346800B55124574B50
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
- 1CC93E8474BA7FB4BA35913F637C3CB8
- 1CC93E8474BA7FB4BA35913F637C3CB8
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
- E3FC78781348B4D4D9BA60724C588052
- E3FC78781348B4D4D9BA60724C588052
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
- 7921FC361FE2FCE43ACF6DFA4A6DD51A
- 7921FC361FE2FCE43ACF6DFA4A6DD51A
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
- A879FB4C508C3EA4E90F0EE5F9388BCF
- A879FB4C508C3EA4E90F0EE5F9388BCF
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
- 7D61E4CC7EBFE0A47BD59EA72602773F
- 7D61E4CC7EBFE0A47BD59EA72602773F
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
- 881FAE10E7EEE7B4285441801AA712BA
- 881FAE10E7EEE7B4285441801AA712BA
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
- F4B2C5476031CB4448B5BA7400606586
- F4B2C5476031CB4448B5BA7400606586
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
- 353E3E8EC4BB7E640821B668B49F957E
- 353E3E8EC4BB7E640821B668B49F957E
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
- C0540D40C1784984D991B8D9AE0E99FA
- C0540D40C1784984D991B8D9AE0E99FA
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
- C2A4FFD49348ECC49BA1569B70840CA9
- C2A4FFD49348ECC49BA1569B70840CA9
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
- 5BC5D6367268E4F429DB6744C0FFF5BE
- 5BC5D6367268E4F429DB6744C0FFF5BE
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
- D6F6AD0BF9FB57742913B2F635DF0A88
- D6F6AD0BF9FB57742913B2F635DF0A88
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
- 454243871D8745C4EB7EE7BE3ED3AE92
- 454243871D8745C4EB7EE7BE3ED3AE92
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
- 54A15747D9771A4419A14B69EDA8FFDA
- 54A15747D9771A4419A14B69EDA8FFDA
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
- 3CF29DBC968C60D41B090C7CE413C2D5
- 3CF29DBC968C60D41B090C7CE413C2D5
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
- 1034C1CAA1E9D0E4BA9734843D79505D
- 1034C1CAA1E9D0E4BA9734843D79505D
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
- AF7510FA705ED0040ACF271FBE37E316
- AF7510FA705ED0040ACF271FBE37E316
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
- 6A7EADFAA5339F84DA0D3B77A13747B7
- 6A7EADFAA5339F84DA0D3B77A13747B7
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
- D66C10AD6C3EA55428E5687B70C88598
- D66C10AD6C3EA55428E5687B70C88598
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
- CBF1B10E8B5CD204292C9FAA088A746B
- CBF1B10E8B5CD204292C9FAA088A746B
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
- FF6BFCE474CFF4A469B3BBA390955F3E
- FF6BFCE474CFF4A469B3BBA390955F3E
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
- BA7DBE4D9D9D35A4A894C78E5861F10D
- BA7DBE4D9D9D35A4A894C78E5861F10D
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
- 6F9D6CD79B9352742A37BB5BD1B9A595
- 6F9D6CD79B9352742A37BB5BD1B9A595
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
- 047606991B7DEC947A9F91DEF3642DB1
- 047606991B7DEC947A9F91DEF3642DB1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
- 92E20068D31937B46BCC5D7B9E511B54
- 92E20068D31937B46BCC5D7B9E511B54
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
- F02008B1DFFF2F3449991AEE28F3C02F
- F02008B1DFFF2F3449991AEE28F3C02F
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
- BD46C6C4776B99B49B9CCE9EFC3B58EC
- BD46C6C4776B99B49B9CCE9EFC3B58EC
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
- 6C67BC8359B9A9D469078F58D4710864
- 6C67BC8359B9A9D469078F58D4710864
- In HKEY_LOCAL_MACHINE\Software\Classes\DVD\Shell
- Copy using ShrinkTo5
- Copy using ShrinkTo5
- In HKEY_LOCAL_MACHINE\Software\Classes
- ShrinkTo5
- ShrinkTo5
- In HKEY_LOCAL_MACHINE\Software\Classes\ShrinkTo5\Shell
- PlayDVDMovieOnArrival_ShrinkTo5
- PlayDVDMovieOnArrival_ShrinkTo5
- In HKEY_CURRENT_USER\Software
- ShrinkTo5
- ShrinkTo5
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers
- ShrinkTo5PlayDVDMovieOnArrival
- ShrinkTo5PlayDVDMovieOnArrival
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\91BFF6DBBFD994F4A9D1093E47CDD0DB
- InstallProperties
- InstallProperties
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
- {BD6FFB19-9DFB-4F49-9A1D-90E374DC0DBD}
- {BD6FFB19-9DFB-4F49-9A1D-90E374DC0DBD}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes
- 81DDE23005491FF42860E9C51B541A54
- 81DDE23005491FF42860E9C51B541A54
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\91BFF6DBBFD994F4A9D1093E47CDD0DB
- Usage
- Usage
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features
- 91BFF6DBBFD994F4A9D1093E47CDD0DB
- 91BFF6DBBFD994F4A9D1093E47CDD0DB
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\91BFF6DBBFD994F4A9D1093E47CDD0DB
- Features
- Features
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\91BFF6DBBFD994F4A9D1093E47CDD0DB
- Patches
- Patches
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\91BFF6DBBFD994F4A9D1093E47CDD0DB
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\81DDE23005491FF42860E9C51B541A54
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\81DDE23005491FF42860E9C51B541A54
- In HKEY_CLASSES_ROOT
- DVDPl.DVDPlayer.1
- DVDPl.DVDPlayer.1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes
- DVDPl.DVDPlayer.1
- DVDPl.DVDPlayer.1
- In HKEY_CLASSES_ROOT
- DVDPl.DVDPlayer
- DVDPl.DVDPlayer
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes
- DVDPl.DVDPlayer
- DVDPl.DVDPlayer
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID
- {6BFF058E-54BB-4F36-8E8B-5AA7F8773DC3}
- {6BFF058E-54BB-4F36-8E8B-5AA7F8773DC3}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib
- {08422B56-8367-4C45-BFC5-FFB981A8240A}
- {08422B56-8367-4C45-BFC5-FFB981A8240A}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
- {4EA52C03-2E34-4F10-9408-B423EC9EAC94}
- {4EA52C03-2E34-4F10-9408-B423EC9EAC94}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
- {DE456C52-809D-427D-BD97-688B0528758C}
- {DE456C52-809D-427D-BD97-688B0528758C}
- In HKEY_CLASSES_ROOT
- SkinCrafter.SCSkin.1
- SkinCrafter.SCSkin.1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes
- SkinCrafter.SCSkin.1
- SkinCrafter.SCSkin.1
- In HKEY_CLASSES_ROOT
- SkinCrafter.SCSkin
- SkinCrafter.SCSkin
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes
- SkinCrafter.SCSkin
- SkinCrafter.SCSkin
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID
- {125C3F0B-1073-4783-9A7B-D33E54269CA5}
- {125C3F0B-1073-4783-9A7B-D33E54269CA5}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib
- {9DAE9D91-4599-4CCC-B237-F57F807388B5}
- {9DAE9D91-4599-4CCC-B237-F57F807388B5}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
- {70CBB0D9-96B5-4A67-92FF-64D503F0F83E}
- {70CBB0D9-96B5-4A67-92FF-64D503F0F83E}
- In HKEY_CLASSES_ROOT\CLSID
- {E66A25D8-CE51-4611-A6CE-D5E08EB33A5C}
- {E66A25D8-CE51-4611-A6CE-D5E08EB33A5C}
- In HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
- BMenuPlg
- BMenuPlg
- In HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers
- BMenuPlg
- BMenuPlg
Step 6
Delete this registry value
Important: Editing the Windows Registry incorrectly can lead to irreversible system malfunction. Please do this step only if you know how or you can ask assistance from your system administrator. Else, check this Microsoft article first before modifying your computer's registry.
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- VVSN = "%Program Files%\VVSN\VVSN.exe"
- VVSN = "%Program Files%\VVSN\VVSN.exe"
Step 7
Search and delete these folders
- {variable dependent on installation}\Start Menu\Programs\{Chosen program name installation}
- {variable dependent on installation}\Application Data\{94AFD136-E1DF-4A8B-A641-D4BE2A5A8E35}
- %User Temp%\mia{value}.tmp
- %Application Data%\Seven Zip
- %User Temp%\mia1
- %Program Files%\VVSN
- {Path indicated during installation}\ShrinkTo5
- %Program Files%\FoxBurnerPlugin
- %System Root%\ShrinkTo5_Movies
Step 8
Search and delete this file
- {variable dependent on installation}\Desktop\ShrinkTo5Gui.lnk
- %Windows%\system32\BMenuPlg.dll
Step 9
Scan your computer with your Trend Micro product to delete files detected as ADW_WENHU. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.
NOTES:
Not deleting the file %Windows%\Installer\{random file name}.msi is allowed since said file has no reference.
Did this description help? Tell us how we did.