If the changes were happening in real-time, I would assume it's an RAT (remote administration tool). Whoever is the hacker got your IP address and was able to get you to execute the RAT's server, which most likely melted it (so it's harder to remove). It's basically a trojan that lets the sender have full control of your computer.
I recommend AVG Free or Avast! to remove it, since most people aren't smart enough to protect their viruses/trojans/whatever.
Also, I recommend download McAfee SecurityCenter, and then uninstalling everything in it except the SecurityAdvisor toolbar. It tells you whether a site has pop-ups or viruses or not, and also will show up beside urls in Google searches.
Also, don't download from unofficial sites unless the uploader has a scan from virustotal.com showing that the file is clean. Even then, there are many ways to make various malware undetectable to virustotal.com or novirusthanks.com, so always be careful and wait to see if anyone else gets an infection before downloading.
EDIT: Also, burn Linux to a disc when you can, so you can boot from the disc if Windows ever decides to die on you.