My customer running XP called with another case FBI Moneypak. At the customer's premise found (to me anyway) a new version of Moneypak I hadn't seen before, this one FBI and Homeland Security accusing the owner of kiddie porn, and on the static warning page, there were 4 images of what I assume is the porn right across the center of the page.
I couldn't remove it using System Restore and a Registry Restore booting from a Spotmau or a UBCD4Win disk.
Found I could boot to Command Prompt and access Windows Explorer.
Tried our usual mixed bag of tricks, none worked until I used the Emsisoft, full scan. followed by Combofix
Only problem after scan was that all Norton programs would not open or run.
Had to reinstall.
I have the log from Combofix. let me know if you want a copy. Lost the one from Emsisoft.