wowexec.exe & _minst.exe



Arctic Wolf
2005-12-08, 04:03
My system is still acting weird as outlined in my Trojanwin32.dialer.exe thread. Today I opened my task manager and found three processes I don't quite think should be there.

wowexec.exe (found in my windows\system32 folder)

_minst.exe (Search found only a file named FDMINST.exe-2c8478e1.fp in C:\windows\prefetch)

ntvdm.exe found in each of the above folders


What are these files? wowexec.exe seems particularly suspicious.

md usa spybot fan
2005-12-08, 05:24
re: Ntvdm.exe and Wowexec.exe

WOW Environment Remains in Memory After Quitting 16-Bit Program
http://support.microsoft.com/default.aspx?scid=kb;en-us;181333


SUMMARY
When you start a 16-bit program on a computer running Windows NT, the Ntvdm.exe and Wowexec.exe processes start. After you quit the 16-bit program, the Ntvdm.exe and Wowexec.exe processes remain in memory.
Also:
Windows NT Subsystems and Associated Files
http://support.microsoft.com/default.aspx?scid=kb;en-us;105992


Window on Windows (WOW)
WOWEXEC.EXE - Handles the loading of 16-bit Windows-based applications.
WOW32.DLL - Dynamic Link Library of the WOW application environment.
NTVDM.EXE - VDM Component.
NTVDM.DLL - VDM Component.
NTIO.SYS - VDM Component.
REDIR.EXE - VDM Component.
VDMREDIR.DLL - Redirector for WOW environment.
KRNL386.EXE - Used by WOW on x86 based systems.
KRNL286.EXE - Used by WOW on non x86 based systems.
GDI.EXE - Modified version of Windows 3.10 GDI.EXE.
USER.EXE - Modified version of Windows 3.10 USER.EXE.
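A quick way to confirm the two binaries named above are the expected system copies (added example, not from this thread or the KB articles; assumes a 32-bit Windows build that still ships the 16-bit subsystem and that `$env:SystemRoot` points at the Windows directory):

```powershell
# Added example: sanity-check the WOW/VDM binaries discussed in the thread.
# Windows system files are usually catalog-signed; older PowerShell versions
# report them as NotSigned even when they are genuine, so treat the path check
# as the primary signal and the signature as supporting evidence.
$sys32 = Join-Path $env:SystemRoot 'System32'
$expected = @('ntvdm.exe', 'wowexec.exe') | ForEach-Object { Join-Path $sys32 $_ }

foreach ($path in $expected) {
    if (-not (Test-Path $path)) { "$path : not present on this build"; continue }
    $sig = Get-AuthenticodeSignature -FilePath $path
    '{0} : signature {1} ({2})' -f $path, $sig.Status, $sig.SignerCertificate.Subject
}

# wowexec.exe runs inside ntvdm.exe and is not a separate Win32 process
# (Task Manager shows it indented under ntvdm.exe), so only ntvdm.exe is
# checked here. Its image should be loaded from System32.
Get-Process -Name ntvdm -ErrorAction SilentlyContinue | ForEach-Object {
    $ok = $_.Path -ieq (Join-Path $sys32 'ntvdm.exe')
    $verdict = if ($ok) { 'expected location' } else { 'UNEXPECTED location' }
    '{0} pid {1} path {2} : {3}' -f $_.Name, $_.Id, $_.Path, $verdict
}
```

An ntvdm.exe loaded from anywhere other than System32 is the thing worth investigating; a copy in the expected place that appears only after a 16-bit program has run matches the KB behaviour quoted above.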

Arctic Wolf
2005-12-08, 06:31
Good thing I didn't do anything dumb like removing the files. I have been experimenting with WinQuake and JFduke and I believe at least one of them opened the 16 bit application mentioned above. Thanks for the info.