In a reply to the post I found on this site titled "How can I disable HP preloaded datamining?", here is a copy of HP's scripts that alter the PC's configuration
WITHOUT THE OWNER'S CONSENT:
I found reference to these scripts in my PC's Registry at:
Code:
hklm\software\hewlett-packard\cpc\pcintro
In particular, there seem to be a few suspicious folders:
Code:
C:\HP\bin\
and
C:\WINDOWS\system32\pcintro\
and
C:\WINDOWS\system32\pcintro\tools\
and
C:\Program Files\Hewlett-Packard\
In the c:\hp\bin folder, I found some questionable files such as:
Code:
cloaker.exe
commands.exe
spawn.exe
WaitAndDelete.jse -- an ENCRYPTED javascript file
Here are a few snippets of HP's scripts:
C:\HP\BIN\firstboot.txt:
Code:
[commands]
"c:\hp\bin\cloaker.exe c:\hp\bin\commands /ww /c c:\hp\bin\CustomizePC_ALL_WW\CustomizePC_ALL_WW.bat"
"c:\hp\bin\cloaker.exe c:\hp\bin\commands.exe /c C:\WINDOWS\system32\pcintro\laptop.bat"
"c:\hp\bin\cloaker.exe c:\hp\bin\commands /c c:\hp\bin\EISDtIconDropper\EISDtIconDropper.bat"
"c:\hp\bin\cloaker.exe c:\hp\bin\commands /ww /c c:\hp\bin\BTBHost_ALL_WW\BTBHost_ALL_WW.bat"
"c:\hp\bin\cloaker.exe c:\hp\bin\commands /ww /c c:\hp\bin\FB_EIS_ALL_WW\FB_EIS_ALL_WW.bat"
"c:\hp\bin\cloaker.exe c:\hp\bin\commands /ww /c c:\hp\bin\AOL_ALL_EN_US\AOL_ALL_EN_US.bat"
"c:\hp\bin\cloaker.exe c:\hp\bin\commands /ww /c c:\hp\bin\EarthlinkDIALUP_ALL_EN_US\EarthlinkDIALUP_ALL_EN_US.bat"
"c:\hp\bin\cloaker.exe c:\hp\bin\commands /ww /c c:\hp\bin\Yahoo_toolbar_ALL_EN_US\Yahoo_toolbar_ALL_EN_US.bat"
"c:\hp\bin\cloaker.exe c:\hp\bin\commands /ww /c c:\hp\bin\MSN90_ALL_EN_US\MSN90_ALL_EN_US.bat"
"c:\hp\bin\cloaker.exe c:\hp\bin\commands /ww /c c:\hp\bin\Netscape_Browser_ALL_EN_US\Netscape_Browser_ALL_EN_US.bat"
"c:\hp\bin\cloaker.exe c:\hp\bin\commands /ww /c c:\hp\bin\Vonage_ALL_EN_US\Vonage_ALL_EN_US.bat"
The "c:\hp\bin\cloaker.exe" application, by its name, is intended to hide its true purpose from the PC owner.
One of the above scripts (laptop.bat) resides in folder:
C:\WINDOWS\system32\pcintro\
That same folder contains a file "autorun.exe" which was a shortcut on my desktop titled "HP Easy Setup". What a sneaky lure.
C:\WINDOWS\system32\pcintro\LAPTOP.BAT:
Code:
REM Check if necessary variables and tool exist
if not defined ISO_LG set ISO_LG=EN
xcopy %SystemRoot%\system32\pcintro\tools\*.exe c:\hp\bin\ /y /d
xcopy %SystemRoot%\system32\pcintro\tools\*.jse c:\hp\bin\ /y /d
REM ******FROM firstboot.txt************
REM ***Setup warranty reminders***
start /wait c:\hp\bin\cloaker.exe %SystemRoot%\system32\pcintro\warrantyreminder\install.bat
start /wait c:\hp\bin\cloaker.exe %SystemRoot%\system32\pcintro\warrantyreminder\clean.bat
REM ***Setup Registration reminders***
start /wait c:\hp\bin\cloaker.exe %SystemRoot%\system32\pcintro\registerreminder\install.bat
start /wait c:\hp\bin\cloaker.exe %SystemRoot%\system32\pcintro\registerreminder\clean.bat
REM Use localized program name
start /wait c:\hp\bin\uini "%SystemRoot%\system32\pcintro\strings.js" %ISO_LG% StartPage[0] ESName "%SystemRoot%\system32\pcintro\a.bat"
call "%SystemRoot%\system32\pcintro\a.bat"
if defined ESName set ESName=%ESName:~1,-2%
if not defined ESName set ESName=Easy Setup
reg add HKLM\SOFTWARE\Hewlett-Packard\cpc\pcintro /v AppName /d "%ESName%" /f
if exist "%SystemRoot%\system32\pcintro\a.bat" del /q "%SystemRoot%\system32\pcintro\a.bat"
REM Modify Start menu shortcut
%SystemRoot%\system32\pcintro\iaccess.exe %SystemRoot%\system32\pcintro\IaccessDelShortcut.ini
wscript %SystemRoot%\system32\pcintro\ReplaceIAccessShortcut.vbs "%ESName%" "%SystemRoot%\system32\pcintro\autorun.exe" //B //Nologo
REM *********FROM Before.bat******************
reg add HKLM\SOFTWARE\Hewlett-Packard\CPC\PCINTRO /v later /d 0 /f
reg add HKLM\SOFTWARE\Hewlett-Packard\CPC\PCINTRO /v PLATFORM /d MCD /f
:: auto-start removed for cNB - autorun invoked from PININST.INI (kr 11-Oct-2005)
:: "%SystemRoot%\system32\pcintro\autorun.exe"
C:\WINDOWS\system32\pcintro\firstboot.BAT:
Code:
REM ***Add Launched to RunOnceEx in case launched from EIS***
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\0002
/--forced line break--/
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0002 /v Entry1 /d "c:\hp\bin\cloaker.exe %SystemRoot%\system32\pcintro\Before.bat" /f
rem *Moved to Before.bat* reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0002 /v Entry2 /d "%SystemRoot%\system32\pcintro\autorun.exe" /f
REM ***Setup warranty reminders***
if /i "%ISO_LG%_%ISO_COUNTRY%"=="en_us" reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0002 /v Entry3 /d "c:\hp\bin\cloaker.exe %SystemRoot%\system32\pcintro\warrantyreminder\install.bat" /f
if /i "%ISO_LG%_%ISO_COUNTRY%"=="en_ca" reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0002 /v Entry3 /d "c:\hp\bin\cloaker.exe %SystemRoot%\system32\pcintro\warrantyreminder\install.bat" /f
if /i "%ISO_LG%_%ISO_COUNTRY%"=="fr_ca" reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0002 /v Entry3 /d "c:\hp\bin\cloaker.exe %SystemRoot%\system32\pcintro\warrantyreminder\install.bat" /f
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0002 /v Entry4 /d "c:\hp\bin\cloaker.exe %SystemRoot%\system32\pcintro\warrantyreminder\clean.bat" /f
REM ***Setup Registration reminders***
rem if /i "%ISO_LG%_%ISO_COUNTRY%"=="en_us" reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0002 /v Entry5 /d "c:\hp\bin\cloaker.exe %SystemRoot%\system32\pcintro\registerreminder\install.bat" /f
rem if /i "%ISO_LG%_%ISO_COUNTRY%"=="en_ca" reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0002 /v Entry5 /d "c:\hp\bin\cloaker.exe %SystemRoot%\system32\pcintro\registerreminder\install.bat" /f
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0002 /v Entry5 /d "c:\hp\bin\cloaker.exe %SystemRoot%\system32\pcintro\registerreminder\install.bat" /f
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0002 /v Entry6 /d "c:\hp\bin\cloaker.exe %SystemRoot%\system32\pcintro\registerreminder\clean.bat" /f
REM **Set Platform Key**
reg add HKLM\SOFTWARE\Hewlett-Packard\CPC\PCINTRO /v PLATFORM /d CPC /f
REM ***Change 404 page destination***
rem @setlocal
rem for /f "usebackq tokens=3,*" %%I in (`reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ISPSignup.Exe" /Ve ^| find /i "IspSig"`) do Set ISPApp=%%J%
rem call :getApp "%ISPApp%"
rem goto :next
rem :getApp
rem echo %~s1
rem c:\hp\bin\uini.exe "c:\windows\system32\oobe\oobeinfo.ini" "Signup" "ISPSignupApp" "%~s1"
rem goto :next
REM Use localized program name
start /wait c:\hp\bin\uini "%SystemRoot%\system32\pcintro\strings.js" %ISO_LG% StartPage[0] ESName "%SystemRoot%\system32\pcintro\a.bat"
call "%SystemRoot%\system32\pcintro\a.bat"
if defined ESName set ESName=%ESName:~1,-2%
if not defined ESName set ESName=Easy Setup
reg add HKLM\SOFTWARE\Hewlett-Packard\cpc\pcintro /v AppName /d "%ESName%" /f
if exist "%SystemRoot%\system32\pcintro\a.bat" del /q "%SystemRoot%\system32\pcintro\a.bat"
REM Modify Start menu shortcut
%SystemRoot%\system32\pcintro\iaccess.exe %SystemRoot%\system32\pcintro\IaccessDelShortcut.ini
wscript %SystemRoot%\system32\pcintro\ReplaceIAccessShortcut.vbs "%ESName%" "%SystemRoot%\system32\pcintro\autorun.exe" //B //Nologo
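
Added example, not part of the original post and not HP's code: a small static audit that reads batch-script text like the firstboot.BAT listing above and reports every active `reg add` that writes a Run/RunOnce/RunOnceEx autostart value, skipping lines disabled with `rem` or `::` and noting which entries are routed through cloaker.exe. The function names and result fields are assumptions made for this example; the sample lines are copied from the listing.

```python
import re

# Keys under ...\CurrentVersion\ whose values Windows runs at boot or logon.
AUTOSTART = re.compile(r"\\CurrentVersion\\(Run|RunOnce|RunOnceEx)(\\|$)", re.I)
COMMENT = re.compile(r"^\s*(rem\b|::)", re.I)  # disabled batch lines
GUARD = re.compile(r'^\s*if\s+(/i\s+)?"[^"]*"=="[^"]*"\s+', re.I)  # locale guard
TOKEN = re.compile(r'"[^"]*"|\S+')  # quoted string or bare word
WRAPPER = "cloaker.exe"  # launcher named in the post's scripts

# Sample input: lines copied from the firstboot.BAT listing in the post.
SAMPLE = r'''
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0002 /v Entry1 /d "c:\hp\bin\cloaker.exe %SystemRoot%\system32\pcintro\Before.bat" /f
rem *Moved to Before.bat* reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0002 /v Entry2 /d "%SystemRoot%\system32\pcintro\autorun.exe" /f
if /i "%ISO_LG%_%ISO_COUNTRY%"=="en_us" reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0002 /v Entry3 /d "c:\hp\bin\cloaker.exe %SystemRoot%\system32\pcintro\warrantyreminder\install.bat" /f
reg add HKLM\SOFTWARE\Hewlett-Packard\CPC\PCINTRO /v PLATFORM /d CPC /f
'''


def parse_reg_add(line):
    """Return details of an active 'reg add' that writes an autostart key, else None."""
    if COMMENT.match(line):
        return None
    tokens = [t.strip('"') for t in TOKEN.findall(GUARD.sub("", line.strip()))]
    if len(tokens) < 3 or [t.lower() for t in tokens[:2]] != ["reg", "add"]:
        return None
    key, rest = tokens[2], tokens[3:]
    if not AUTOSTART.search(key):
        return None
    # Map each /v and /d switch to the token that follows it.
    opts = {t.lower(): rest[i + 1] for i, t in enumerate(rest[:-1])
            if t.lower() in ("/v", "/d")}
    data = opts.get("/d", "")
    parts = data.split(None, 1)
    wrapped = bool(parts) and parts[0].lower().endswith(WRAPPER)
    return {"key": key, "value": opts.get("/v"), "command": data,
            "via_cloaker": wrapped,
            "target": parts[1] if wrapped and len(parts) > 1 else data}


def audit(script_text):
    """Collect every active autostart registration in a batch script."""
    found = (parse_reg_add(line) for line in script_text.splitlines())
    return [f for f in found if f]


if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f["value"], "->", f["target"], "(via cloaker.exe)" if f["via_cloaker"] else "")
```
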