Seems it is infected by something that can protect itself against a regular upgrade. So a netinstall seems to be necessary (and after you finish it and the messages do not appear, change the passwords one more time before connecting it to the net). Also bear in mind that once the malware could get in in the past, the device may be infected from the internal network as well if the malware has managed to install itself on something in the internal network.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
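The find-and-replace step described above can be scripted so that every occurrence of a given public address gets the same placeholder. This is an added example, not part of the original post; the function name, the list of ranges treated as non-identifying, and the sample export lines are assumptions made for illustration, and only IPv4 is handled.

```python
import ipaddress
import re

# Candidate dotted quads; real validation is done by the ipaddress module.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

# Ranges assumed not to identify the poster, so they stay readable.
KEEP_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4",
)]

def mask_public_ips(export_text):
    """Replace each distinct public IPv4 address with my.public.ip.N.

    Returns (masked_text, mapping). The mapping stays on your machine so
    that replies quoting a placeholder can be translated back.
    """
    mapping = {}

    def substitute(match):
        raw = match.group(1)
        try:
            addr = ipaddress.IPv4Address(raw)
        except ipaddress.AddressValueError:
            return raw  # not an address, e.g. an octet above 255
        if any(addr in net for net in KEEP_NETS):
            return raw
        if raw not in mapping:
            mapping[raw] = f"my.public.ip.{len(mapping) + 1}"
        return mapping[raw]

    return IPV4_RE.sub(substitute, export_text), mapping

# Constructed sample in the style of a RouterOS export (documentation addresses).
SAMPLE_EXPORT = """\
/ip address
add address=192.168.88.1/24 interface=bridge
add address=203.0.113.5/30 interface=ether1
/ip route
add dst-address=0.0.0.0/0 gateway=203.0.113.6
/ip firewall address-list
add address=198.51.100.20 list=mgmt comment="office 203.0.113.5"
"""

if __name__ == "__main__":
    masked, mapping = mask_public_ips(SAMPLE_EXPORT)
    print(masked)
    print(mapping)
```

Prefix lengths such as `/30` are preserved, so the masked export still shows the subnet layout that people answering need to see.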