So I checked the proxy settings, and there is nothing configured there. However, when I re-enable Web access protection, and then access the internet in any way, ESET blocks a bunch of weird connections, all to that same IP, but with different urls. Such as hxxp://wpad.******.net/wpad.dat (where ****** is the local Windows domain name of the company). Also a bunch of random URLs with random characters and no TLD such as hxxp://ekickejd, and some are even showing hxxp://****1 (the name of the company's file server).
I've run full scans with ESET and malwarebytes, come back clean.
I know this is probably beyond the scope of the help you provide in these forums, but any info you could provide I would appreciate.
Thanks!