Hmmm... Seems many of you have this "feature" in your firmware. I'm still too newb for links, so if you're curious goog yourself some "lojack laptop partners" This one came from an "absolute hp firmware" searhc on page 11 of results. Seems like the holy grail of hackables, no? While it may not be my problem, it reads pretty similar to what I'm seeing happen here. The Computrace agent has the ability to gather the following four categories of information, which are primarily data points to allow us to recover lost or stolen computers and to provide asset management of your computers: Location: phone number, local IP address, routable IP address, MAC address, date, time. User: Electronic Serial Number (ESN), user name, computer name, e-mail address. Hardware*: Basic system information: processor type, processor speed, hard disk size, hard disk space available, RAM size, computer make/model/serial number, number of CPUs, BIOS version (PC), BIOS date (PC), networking device description (PC). Storage information: logical drive summary (drive name, type, file system, total size and available space), storage device (ATA, ATAPI/SCSI – e.g., hard drive, CD/DVD, PC), floppy/removable drive, tape drive, RAM disk, network drive, other device, hard disk model, serial number, firmware revision (for SMART-enabled hard disks). Also, hard disk attributes for NT/2000/XP: raw read error rate, spin up time, start/stop count, reallocated sector count, seek error rate, power on hours count, spin retry count, calibration retry count, power cycle count. Printer information: printer attribute, name, driver name, port, share name, server name. Video system and monitor information: video device description and resolution, video display colour depth, monitor type & manufacturer, and monitor refresh rate. Modem information: modem model, port (if available), speed rating: maximum baud rate (if available), networking device description. Software: operating system, service packs for operating systems, software application, version, program & publisher; virus protection title & version, virus protection definition title & definition description. ymmv
Finally a lead... Add an h (newbness sucks) ttp://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=publication&name=Deactivate_the_Rootkit