Sounds like Peter could explain that much better than I could. In this case, he started noticing misnamed .DLL files. This didn't lead to BIOS suspicions of course but when he couldn't clean and reinstall without being reinfected, he struggled for a while then eventually remembered his Linux dual boot side had used something called "TPM" to store secure copies of his BIOS and he compared the hashes and they no longer matched. He tried to patch the BIOS but could not. Something like that anyways. Honestly, it is deeper than I have the water wings for.
After that he rambled for about 20 minutes about all the linux based things he tried and lost me. Sorry.