Tuesday, January 7, 2020

so, what's my hypothesis, so far?

that weird clsid seems to be connected to the dberr.txt file, but it seems to be indirectly - the clsid seems to be quarterbacking some kind of install process, but the various policy settings that i've put in place have mostly stopped it from working. so, i just get errors.

whoever is doing this seems to be a professional. these aren't hacked together scripts. they're, like, corporate deployment files. this person would appear to be a trained network admin. again: i can't imagine anybody but the cops.

i'm going to guess that the restarts are related to the windows update that's running in the background, and that i can't figure out.

eventually, after a few restarts, it tries to install something with an unsigned driver, and i get the lock screen. if i turn off signing - something i'll never do ever again - then the install process goes to the next step, and starts installing the list of packages that somehow ended up in the catroot directory. at that point, i'm no doubt sending off updates to the cop shop - or, at least, i would be, if i didn't have all of the networking dismantled. 

what i learned is that the "worm" is probably in the bios, now, and i might need to buy a new windows 7 laptop at the pawn shop before i can get back to what i was doing. i'm very sorry, but i don't otherwise know how i can flash it. that could take me a few months of saving up, in which case i guess i'm going to spend most of the winter reading. it would also mean i'd have to stay in for the spring, because i wouldn't have any money to party with.

i suppose the other option is that it's in the registry, but that doesn't make a lot of sense to me.

the format is at 50%. we'll find out in a few hours.

in the meantime, i'll keep posting here to the laptop. i'm wide awake, and will need to wait until tonight to take a shower, now, because it's too late. so, i guess i'll take a look at the news while i'm waiting.