I was given a laptop to work on and had a hard time getting any type of anti-malware to run on the system. Anything I tried would start to run, then stop, then give access denied errors when trying to re-run.

I tried the eset online scanner and it was the only thing that would run, but found nothing. So I pulled the hard drive and scanned it from another pc running 4.2.64.12. cngaudit.dll was detected as infected and removed. Malwarebytes reported it as trojan.sirefef. Even after all that I still couldn't prevent it from coming back. I wound up re-partitioning, format and re-installed the OS.

Just thought I'd pass along.

That sounds like a rootkit being normally active but inactive when the system booted from a clean drive.

Yep that's what I figured too. As much as I like playing around trying to fix something like this, eventually I have to move on and stop wasting time with it.