I've seen its like before
One of my co-workers was afflicted with similar malware a few years ago. It checked the hard drive, found a few megs of unallocated space, and created a partition of an unknown type to hold the code. The malware set its partition to "bootable" and loaded before Windows. To remove it, I had to:
- Boot from a GParted Live disc
- Delete the rogue partition
- Expand the Windows partition to occupy that space (you won't pull that trick twice)
- Boot from a Windows installation disc
- Run Windows repair and fix the boot configuration
- Boot into Windows
- Run several anti-malware programs to "delouse" the PC
Never a dull moment around here....
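As an added example (not part of the original comment), the partition-table pattern described above, a small bootable partition of an unrecognized type, can be checked from the first sector of a disk image with Python. The known-type list is a non-exhaustive assumption, and the sample sector, including the type value 0xD7, is constructed for illustration.

```python
import struct

SECTOR = 512
# Common MBR partition type IDs; not exhaustive (assumption: extend for your fleet).
KNOWN_TYPES = {0x05: "Extended", 0x07: "NTFS/exFAT", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
               0x0F: "Extended LBA", 0x27: "Windows RE", 0x82: "Linux swap",
               0x83: "Linux", 0x8E: "Linux LVM", 0xEE: "GPT protective", 0xEF: "EFI System"}

def parse_mbr(sector: bytes) -> list:
    """Decode the four primary entries of a 512-byte MBR sector."""
    if len(sector) < SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature; not an MBR")
    parts = []
    for i in range(4):
        off = 446 + 16 * i  # the partition table starts at byte 446
        # status, 3 CHS bytes, type, 3 CHS bytes, start LBA, sector count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0x00:  # type 0 marks an unused slot
            parts.append({"slot": i, "active": status == 0x80, "status": status,
                          "type": ptype, "start_lba": lba, "sectors": count})
    return parts

def audit(sector: bytes) -> list:
    """Return (slot, reason) findings for entries that deserve a closer look."""
    parts, findings = parse_mbr(sector), []
    for p in parts:
        unknown = p["type"] not in KNOWN_TYPES
        if p["status"] not in (0x00, 0x80):
            findings.append((p["slot"], "invalid status byte 0x%02x" % p["status"]))
        if p["active"] and unknown:
            mib = p["sectors"] * SECTOR / 2**20
            findings.append((p["slot"], "bootable, unrecognized type 0x%02x, %.1f MiB"
                             % (p["type"], mib)))
        elif unknown:
            findings.append((p["slot"], "unrecognized type 0x%02x" % p["type"]))
    if sum(p["active"] for p in parts) > 1:
        findings.append((None, "more than one partition flagged bootable"))
    return findings

def sample_mbr() -> bytes:
    """Constructed sector: an NTFS volume plus a 4 MiB bootable entry of type 0xD7."""
    mbr = bytearray(SECTOR)
    struct.pack_into("<B3xB3xII", mbr, 446, 0x00, 0x07, 2048, 204800000)
    struct.pack_into("<B3xB3xII", mbr, 462, 0x80, 0xD7, 204802048, 8192)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)

if __name__ == "__main__":
    for slot, reason in audit(sample_mbr()):
        print(slot, reason)
```

To check a real machine, pass `audit()` the first 512 bytes of a disk image taken from live media instead of `sample_mbr()`.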