Go through your system32 and system32/dllcache folders looking for recently modified files. Anything that has been modified in the last month should be sent to virusscan.jotti.org for testing under lots of different AV software.

Even if you nail 1 copy don't sop till all recently modified files have been tested. As I recall I had 3 copies on my HD, i think it was the one in //dllcache that I didn't find till much later.

Only three of the AV programs on Jotti's picked up the strain of SdBot that infected my computer. My own copy of AVG didn't but AVG did on Jotti's, though that server runs on Unix.

Searching for solutions on the web was difficult because the SdBot was set to ping some poor sods website, hence nicking all of my bandwidth.