Hi,
One computer in my LAN started to get notifications from malwarebytes, saying IP 93.158.114.37 (outgoing) is blocked. The user can't install software, and he doesn't visit porn/games/etc. sites. I've run a full scan from SEP and Malwarebytes and there doesn't seem to be an infection.
I've also used TCPView and found that this only happens -randomly- when he's using IE. There are no suspicious add-ons also.
I used HJT and found two suspicious things. I can't post the whole log here but these two are the ones that call my attention:
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-CQJ7A.exe" /REG /REGSVRMODE
Any ideas/suggestions?
One computer in my LAN started to get notifications from malwarebytes, saying IP 93.158.114.37 (outgoing) is blocked. The user can't install software, and he doesn't visit porn/games/etc. sites. I've run a full scan from SEP and Malwarebytes and there doesn't seem to be an infection.
I've also used TCPView and found that this only happens -randomly- when he's using IE. There are no suspicious add-ons also.
I used HJT and found two suspicious things. I can't post the whole log here but these two are the ones that call my attention:
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-CQJ7A.exe" /REG /REGSVRMODE
Any ideas/suggestions?