cnmg32.dll fits the behaviour of Haxdoor, which drops a dll which looks similar: ****32.dll (* being a random character) but it could be anything without a positive identification, which is why I recommended the usual scans. If it is Haxdoor, the first logical thing to try would be the Haxfix tool, seeing as how it's designed to remove Haxdoor.