Really looking forward to this.
Some quick thoughts:
What about checking what directory the installer is being run from? If it's wrapped i'm guessing that its being dumped in a temp directory before being launched -- that would be a big clue, and perhaps the only one you actually need?
What have you found for these common adware wrappers? Are they exiting when they launch the real installer, so you don't have access to their info? or can you get the filename of the parent process that launched the installer?