I bought two new Gateway PC's a few weeks ago. Typically I first uninstall all the bloatware/trialware right away. Then I shut down all unecessary services and remove loads of entries in the registry that are starting unwanted programs. When I was done with all of this, one process remained in task manager that I didn't recognize. rpcnet.exe. Now I know that there is a service called Remote Procedure Call so I looked in the services. It listed Remote Procedure Call as "C:\WINDOWS\system32\svchost -k rpcss" and also Remote Procedure Call (rpcnet.exe) by computrace. Figuring this was more bloatware so I disabled it and rebooted. It was back! I started thinking it was a virus/trojan/spyware. I downloaded hijackthis which let me shut it off. Reboot. It's back! Found the files rpcnet.exe, rpcnetp.exe rpcnet.dll rpcnetp.dll and deleted them and rebooted. It's back! Those files are back too! Now it really looks like a virus. So I google computrace and found out it is some program used to track stolen computers. Strange! I didn't order that on my computer. So I set out to remove it. Many google hits indicated it lived in the mbr so I did a series of fdisk's and fdisk /mbr and reinstalls of Windows XP. Rpcnet.exe came back running every time. Some Google hits also indicate that it may live in the bios. I save a copy of my bios to disk and look at it with cbrom. I got cbrom from http://www.biosmods.com/download.php I had to try several different versions till I found one that worked with my computer/bios.
So I ran...
cbrom32_149 gtgn105.bin /D - (cbrom crashed but still showed all the file names.)
Then I look at all files with hex editor, specifically for something that would indicate computrace.
Found optromg.rom listed at OEM2 CODE. Hex editor showed the string "computrace".
ran cbrom32_149 gtgn105.bin /oem2 release
checked with cbrom32_149 gtgn105.bin /D
Yep, optromg.rom is gone.
So upload new bios....
Reboot. kill rpcnet.exe
disable service rpcnet.exe
Rpcnet.exe is no longer running as a process! Yeah!
(BTW - This procedure has risks that include making your computer non-functional)
UPDATE! I posted optromg.rom in case anyone wants to look at it with a hex editor or try to disassemble it.