I'll try to keep this as brief as possible:
We have multiple machines affected. Symptoms included random freezes and failure to wake displays (was not in sleep mode) on XP. Windows 7 has been more revealing with random beeps that sound like a phone dialing four numbers from the speakers. Procmon has revealed significant acitivity with svchost and googleupdate.exe during the audio alerts. Also tracked down the audio alerts to AudioDG.exe via procmon.
I have totally reimaged these machines and it's coming back. Can't get rid of it. Completely disconnected all machines from the network for the time being (including ROKU). I'm contacting you from an Unbutu bootable USB flash drive (ya, it's THAT BAD).
I have NEVER seen anything this intrusive or sophisticated. We have already taken steps to protect against identity theft.
I am trying to get a restore working and have formatted the installation drive from Unbutu to wipe the MBR to be safe. Not sure if that's going to work. Some of these restores are being done from the machine (default system restore to factory default). Not sure if that image has been infected somehow.
I would REALLY appreciate assistance on this one. Nothing is catching it. I've run the following from safe mode:
Microsoft Security Essentials
Malware Bytes Full Scan
Microsoft Security Essentials did find and cleaned the following virus one time (on one machine only):
ComboFix did find something on the system files (on a different machine) one time and replaced the file. It has not found anything since although all computers are still infected.
The level of sophistication here is really concerning. I don't think the dial tone beeping sound is intentional. If it hadn't been for that, the random freezes, and my ability to comb throuth Procomon, this thing would still be undetected.
Thank you for your help.