A preinstalled local server, presumably running in kernel space for it cause BSOD, crash when connected from localhost and attempted TLS handshake? The preinstalled crapware never changes.

I feel like the only good option at this point when purchasing a prebuilt desktop or a laptop is to nuke the drive and do a clean install of Windows. Seems like the only way to ensure that you've killed the crapware and any partitions meant to preserve/reinstall it.

Sometimes that isn't even enough. Windows for example ships with a feature called the "Windows Platform Binary Table" that will load and run DLLs embedded in a machine's ACPI tables.

Wow. Didn't know that existed. Hard to see what legitimate, user-serving purpose that would serve. Or at least how the good of it's inclusion would outweigh possible harms.

Is there software that will enumerate ACPI for DLLs?

You can look for ACPI table(s) called "WPBT" using RWEverything (if you are a Windows user): http://rweverything.com/downloads/RwPortableX64V1.7.zip

or look into the following filesystem path in Linux: /sys/firmware/acpi/tables

If you want to stay clean, nuke the drive and install linux instead

Only good option is nuke the Windows and use the better OS, like GNU/Linux, FreeBSD or OpenBSD etc.

Preinstalled vendor software is just an endless stream of exploits

A family member with a Dell has similar BSOD problem when visiting some of these websites. Do we know what software preinstalled on Dell causing the problem?

the BSOD minidump should tell you which driver crashed. GUIs exist for analyzing minidumps, it might even be feasible to talk someone through the process over the phone.

One example of a GUI analysis tool for these kinds of memory dumps is WhoCrashed; another is BlueScreenView.

https://www.resplendence.com/whocrashed

http://www.nirsoft.net/utils/blue_screen_view.html

Good to know. Thanks.