Hi chased11,
I was not asked by iMacg3 or anyone else to post this, but since in your last post you have indicated you would like a second opinion, I thought I would take the liberty of stepping in.
More than one person has looked over this thread quite carefully now and we do not see anything to indicate that there is any back door or significant security problem with this computer.
To me, VMM enabled in the BIOS is extraordinarily unlikely to be caused by a remotely executed hack.
Unlike Linux and Mac OS, Windows on principle never communicates with or relies on the BIOS or UEFI during its operation. Hacking or reflashing a BIOS is extraordinarily difficult, and it seems very unlikely indeed that this occurred.
Furthermore, security within modern versions of Windows is like the many layers of an onion. Often you must break through many, many different defences to attack a system. Even if one layer was compromised, that does not mean the system was compromised.
Also, not everything can be explained. Windows is a closed source operating system. We do not have perfect knowledge of every aspect of Microsoft Windows. Some things just are; they're normal and good and we recognise them as such, but we cannot explain why. This does not mean we are incompetent, just that we are relying on our years of experience, rather than impossible levels of knowledge of every single aspect of Windows.
In addition, with regards to what we do here, we provide a free disinfection service. We take infected computers and clean them.
Of course, it's impossible to be 100% sure any system at all is clean, especially if it is connected to the internet. But we can provide reassurance, to a very high degree of - but not absolute - certainty, that a system is clean.
This is what we can say here. We, truly, believe, in our years of experience doing this, that your system is clean of any malware to a very high - but not absolute - degree of certainty.
It seems to me, however, that you wish to have an even greater degree of certainty.
I see two options:
1) Either you look at what you are doing on your computer, and how secure it needs to be, and conclude that nothing in your life is totally secure (post can get intercepted, telephones tapped) and that actually, what you are doing is not so high risk that the current level of certainty is unacceptable. So there is no problem.
2) Or you enlist the help of experts in malware forensics, to see if they can determine if you were ever infected, to a higher degree of certainty than here - but still not absolute.
Please note that we do not provide this service here. In fact, I do not know of anywhere on the internet which does, or I would readily tell you.
There are companies which specialise in it though, for example:
Digital Forensics and Malware Analysis | Secureworks
(Note, I do not endorse this particular company. I have never worked with them or know anything about them. I'm just using them as an example of the kind of service you might want to think about)
I personally believe that these are your only choices.
All the best.