Am running stand alone PC with Win2K and all patches.
Do not have Kazaa on this PC any more. And deleted all registry references. No P2P programs.
Have Norton Systemworks with Norton AV and I run LiveUpdate often.
Have Ad-aware and run often.
Have Spybot and run often,
and have a link to a site that provides blocks via regkeys to certain
programs that try to install themselves to your PC like Gator and such.
No firewall and am on cable modem.
Have Windows Shell Scripting Installed.
Do not have .NET or any Visual Studio components installed.
I thought I had everything cleaned.
I downloaded a Patch from Windows for BufferOverflow and other than
that, did some surfing in the last few days.
All my Windows files are under C:\Windows since I upgraded from Win 98.
However I AGAIN see a folder called C:\Winnt with the below in it ( see directory dump)
I did not install Serv-U and it is not in my Add/Remove Control Panel to remove.
Not sure where it came from or even this directory.
1. Appreciate ideas where this came from. I do not think I have been hacked. Do not have IIS installed or
FTP. Am sole user of machine. Disabled unnecessary services.
****I deleted the WINNT directory after booting into DOS.
I did not see any entries in the registry for Bugslayer.dll or hid.exe or for serv-u.
2. Please advise where this possibly came from and how to prevent or create a directory called WINNT which NO ONE can write to (setting read only will not help) or perhaps settings to change.
Last time this happened I had services like FireDaemon running and such which I got rid of.
Thanks so much in advance
Peter
DIRECTORY of WINNT (note my main WIN 2k install is under C:\Windows)
 Volume in drive C has no label.
 Volume Serial Number is 6F88-4885

 Directory of C:\winnt

07/29/2003  10:37p    <DIR>          .
07/29/2003  10:37p    <DIR>          ..
07/29/2003  10:37p    <DIR>          security
               0 File(s)              0 bytes

 Directory of C:\winnt\security

07/29/2003  10:37p    <DIR>          .
07/29/2003  10:37p    <DIR>          ..
07/29/2003  10:46p             1,092 security.ini
03/11/1999  09:23p            32,842 BugSlayerUtil.dll
07/06/2003  09:46p            68,016 cygregex.dll
07/06/2003  09:46p           971,080 cygwin1.dll
07/29/2003  10:40p                 5 internet.pid
07/28/2003  03:50a                 0 logs.ignl
02/03/2002  01:37p         2,142,720 services.exe
01/30/2002  05:03p               973 ServUCert.crt
01/30/2002  05:03p               963 ServUCert.key
07/30/2003  07:55a               745 servudaemon.ini
11/30/2001  02:13p            36,864 tzolibr.dll
07/28/2003  03:50a                 0 update.msg
07/06/2003  09:46p           213,300 winlogon.exe
07/28/2003  07:33a             8,382 secure.bat
07/28/2003  06:48a               110 regsecurity.bat
07/28/2003  07:06a               922 regkeyadd.reg
05/30/2003  02:56a            16,384 hid.exe
07/28/2003  07:29a             1,178 res3.txt
08/29/2002  09:32p            95,744 clearel.exe
07/29/2003  10:39p    <DIR>          Logs
07/28/2003  03:50a                 0 secedit.xdcc.bkup
07/29/2003  10:55p                48 secedit.xdcc
07/29/2003  10:55p               280 secedit.xdcc.txt
07/29/2003  10:55p                 4 logs.ignl.tmp
07/28/2003  03:50a                 0 logs.ignl.bkup
07/30/2003  07:55a               657 ServUStartUpLog.txt
              25 File(s)      3,592,309 bytes

 Directory of C:\winnt\security\Logs

07/29/2003  10:39p    <DIR>          .
07/29/2003  10:39p    <DIR>          ..
               0 File(s)              0 bytes

     Total Files Listed:
              25 File(s)      3,592,309 bytes
               8 Dir(s)   5,585,657,856 bytes free