A new threat that I haven't seen before in this form is an IncrediMail threat. I find no information on this particular infection online, so be aware.
It has set up an installer from a drive-by cache/download (which the user accepted, thinking it was an intranet update) and is attempting to 'dial' out. It has changed proxy settings and greyed out all the network and proxy options in Firefox and IE. Fortunately it got pulled up by our proxy and firewall, so no payload was delivered. Not knowing what the payload is, only the vector, doesn't help much, I know... There are extra processes installed, but I haven't analyzed or cleaned the machine yet to know anything other than that they are hidden.
So... there it is. I'm just hoping it's not in more of my machines... I really don't need this now.
Perion... based in Israel, is the 'developer' of IncrediMail, and also the 'developer' of SweetIM... which is a big part of the Sweetpacks browser jacking and spyware infection. Typical corporate cyber-crime.
Getting rich by having a toolbar as the main 'monetizing' feature, hmmm.