Hi again, huge update on this:
My friend's computer that I am on also has it, however it can't activate on this computer (I read through its code). netfilter.sys claims to be a Windows SDK and uses a fake VeriSign timestamp. Further down, the real culprit becomes clear with a mention of "China Telecom Trust Network".
Further in, it describes exactly what I'm experiencing: it creates a proxy and refuses to let the connection be disabled till it finishes installation. It requires a D:\ drive at that point, where it creates an install file netfilter.pdb which runs then deletes itself (most likely adding in hooks and driver overwrites and registry, then netfilter.sys takes control of all network devices).
I can send a copy of the file, but I warn, it's only tame without a D:\ drive.
I'm contacting HP to see if I can reinstall all my drivers and thus possibly re-instance whatever registry or other stuff that got destroyed.