It may well have a rootkit that is hiding the bad stuff from you. There's no surefire way to clean it successfully unless you know exactly what rootkit variant you're dealing with. If you're lucky, it's not completely covering its tracks and you can get some DLL names that you can google for more information. As a first step, use Rootkit Revealer. Sometimes you can see suspicious DLL names if you look through the modules in each running process with ProcessExplorer -- be especially suspicious of DLLs that have no Company Name or description. Note that you have to run in safe mode to have even a chance of removing stuff, and even then you may be SOL unless you shut down explorer and some of the other system tasks and do everything from the command line. Again, if you can get the names of suspicious DLLs you can google them (ProcessExplorer has a right-click menu item for this) which can often lead you to specific fixes.
But it's a hell of a lot easier to just wipe the thing and start over.
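
The module check described above can also be scripted. The following is an added example, not part of the original post: it lists loaded modules whose version resource has no Company Name or description, and adds the Authenticode status as an extra triage column. The function name `Get-UnlabelledModule` is made up for this example, and a rootkit that hides modules from the process list will hide them from this script too.

```powershell
# Added example (not from the original post). Run from an elevated prompt.
# Get-UnlabelledModule is a hypothetical name chosen for this illustration.
function Get-UnlabelledModule {
    $cache = @{}   # path -> metadata, so each file is inspected only once

    foreach ($proc in Get-Process) {
        # Protected/system processes deny module enumeration; skip them.
        try { $modules = @($proc.Modules) } catch { continue }

        foreach ($m in $modules) {
            if ($null -eq $m) { continue }
            $path = $m.FileName
            if ([string]::IsNullOrEmpty($path)) { continue }
            $key = $path.ToLowerInvariant()

            if (-not $cache.ContainsKey($key)) {
                try {
                    $vi  = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($path)
                    $sig = (Get-AuthenticodeSignature -LiteralPath $path -ErrorAction Stop).Status
                } catch {
                    # File unreadable or gone from disk: record that, it is itself worth a look.
                    $vi  = $null
                    $sig = 'Unreadable'
                }
                $cache[$key] = [pscustomobject]@{
                    Company     = if ($vi) { $vi.CompanyName }     else { $null }
                    Description = if ($vi) { $vi.FileDescription } else { $null }
                    Signature   = "$sig"
                }
            }

            $meta = $cache[$key]
            # Report modules missing either field, as the post suggests.
            if ([string]::IsNullOrWhiteSpace($meta.Company) -or
                [string]::IsNullOrWhiteSpace($meta.Description)) {
                [pscustomobject]@{
                    Process     = $proc.ProcessName
                    PID         = $proc.Id
                    Module      = $path
                    Company     = $meta.Company
                    Description = $meta.Description
                    Signature   = $meta.Signature
                }
            }
        }
    }
}

Get-UnlabelledModule | Sort-Object Module, PID | Format-Table -AutoSize
```

Expect some legitimate hits (small vendor and open-source DLLs often ship without version resources), so treat the output as a list of names to look up rather than a verdict.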