Outward email started to bounce, as our IP has been added to the CBL list. CBL site indicated a positive infection on the IP for Gamarue.
Checked firewall traffic and one machine appears does to be connecting on it's own to various sites on port 80, checked the computer and no browser windows were open.
The computer is "protected" by Symantec Endpoint.
Tried running full scan on Endpoint - nothing found.
Rebooted into safe mode, scanned again, nothing.
Downloaded fresh Mbam in safemode - full scan nothing found
Downloaded fresh Combofix again nothing found.
Running out of ideas :/