Windows 10: Wow - very pervasive/aggressive "malware", can't solve

Folks - I have one single machine with the most pervasive, confounding "malware" effects I've ever dealt with in 30 years of work in tech. (And I even wrote some viruses and Trojans myself in everything from assembly to C++ in my early days doing formal study of operating systems.) I also can't find out anything specific about a similar infection type here or on other forums. This is a personal HP Pavilion X360 exclusively bought and provisioned for my daughter to use for virtual school work on our home network. Initial behavior: When any version of Windows 10/11 is clean-installed after all partitions are deleted, Windows behaves fine when offline - I can manually install any number of KBs, BIOS updates, OEM drivers, etc. and I've tried maybe 5 different Windows ISOs from pre-21H1 through Win11 22000.71When initially offline, Malwarebytes / Emsisoft report no malware - even scanning for rootkits, even scanning with direct HD accessWhen initially offline, SFC reports no & chkdsk reports no errors As mentioned above, BIOS update is applied - Bios name/revision match HP's latest specs. I then pause Windows Updates and join a network. The following behavior makes ZERO difference how many / which users / built-in Administrator account are set up on the machine. Malware behavior:
[*]Within minutes of joining any network, User Account Control asks to be turned off and system restarted (similar to UAC is consistently turning itself off.). NOTE - I have manually changed computer name / static IPs/DNS settings repeatedly during each clean install process, so this is occurring regardless of the computer's specific IP when it joins.
[*]At this point, Malwarebytes reports Task Manager has been disabled; CMD has been disabled; Registry tools have been disabled - Emergency Kit reports the same findings. Neither tool reports specific malware.
[*]Upon next reboot, I get the old "user profile service failed the sign-in" - no restoration methods work from here on out[/LIST] So...some kind of a RAT? The only other thing I could think of is if it's not really malware, but some failed attempt by HP to install another driver, but you'd think it'd go through the correct chain of command. I'm thinking of installing Fiddler right away too during the offline process and watching for what traffic is happening.

:)

 

McAffee and Emsisoft Anti Malware

Suggestion to also read these threads:

• Emsisoft Anti-Malware or Malwarebytes Anti-Exploit? - Anti-Virus, Anti-Malware, and Privacy Software
• Malwarebytes vs. EmsiSoft - Anti-Virus, Anti-Malware, and Privacy Software

 

McAffee and Emsisoft Anti Malware

I personally use Emsisoft Anti-Malware and IMO it is far better than McAfee...

If you decide to use Emsisoft, please make sure to fully uninstall McAfee with the help of their specific removal tool from this List
of anti-malware product removal tools before you install Emsisoft.

Suggestion to read:

• Choosing an Anti-Virus Program
• Safe Steps for Replacing your Anti-virus - Why should you use Antivirus
  software?
• Supplementing your Anti-Virus Program with Anti-Malware Tools

FYI:

I've asked a moderator to remove the best buy link in your post. If you want to buy Emsisoft Anti Malware then it's best to go directly to their site: emsisoft.com

 

Ransome malware "Files are locked.txt"

I think that's a ransomware called PClock...

Suggestion to read the following threads and, if needed, to ask for further help there:

• New PCLock (updated) infection!!! - Ransomware Help & Tech Support
• PClock Ransomware Support and Help Topic - Ransomware Help & Tech Support

Also make sure to read/do
http://blog.emsisoft.com/2017/02/16/how-to-remove-ransomware-the-right-way-a-step-by-step-guide/