July 31st, 2003, 04:53 PM
#16
TMM: Ok, we can rule out the wife and kids.......
I'm a lot uncomfortable with the unprotected WLAN early on. Having said that, I'm pretty sure that one would need desktop access to install a program like this. If I already have desktop access, (not physical but through PCAnywhere, Terminal Services, RDP or worse some form of RAT), then I'm not sure I would need to go through the trouble and risk of installing a program like this. I'm sure I could come up with something "quick and dirty" to grab the odd password etc.
I'm also uncomfortable with the waking up at night...... I do it all the time myself and it's a pain...... ;) ..... I think we need a little snort box on an old hub to this machine and run a single rule to start with:
alert tcp any any -> any any (msg: "Traffic Detected"; Flags: S; classtype: bad-unknown;)
If you have only the snort box and your PC on this hub it will capture all traffic inbound and outbound to it. We can then filter through the alerts to see what was valid, what was questionable and what was definitely invalid. It will also tell you if the WLAN is compromised and the guy is connecting to your machine - which is a possibility.
Do you have the equipment to run a snort box in stealth mode?
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
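Added example, not part of the original post: one way to do the "filter through the alerts" step, by grouping the SYN alerts that rule produces by direction and peer so inbound connection attempts stand out. The monitored PC address, the WLAN subnet and the alert lines (Snort "fast" alert format) are constructed assumptions.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumptions (not from the post): the monitored PC's address and the WLAN subnet.
MONITORED_PC = ip_address("192.168.1.10")
WLAN_NET = ip_network("192.168.1.0/24")

# Constructed sample alerts in Snort "fast" format; the last line is deliberately malformed.
SAMPLE_ALERTS = """\
07/31-02:14:07.101010  [**] [1:0:0] Traffic Detected [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.10:1045 -> 203.0.113.7:80
07/31-02:14:09.202020  [**] [1:0:0] Traffic Detected [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.10:1046 -> 203.0.113.7:80
07/31-02:31:40.303030  [**] [1:0:0] Traffic Detected [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.77:3120 -> 192.168.1.10:3389
07/31-02:31:52.404040  [**] [1:0:0] Traffic Detected [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.77:3121 -> 192.168.1.10:5631
07/31-03:02:11.505050  [**] [1:0:0] Traffic Detected [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 198.51.100.23:4410 -> 192.168.1.10:139
07/31-03:05:00 truncated line
"""

ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+\[\d+:\d+:\d+\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\{TCP\}\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s*$"
)

def parse_alerts(text):
    """Yield one dict per parsable alert line; malformed lines are skipped."""
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if m:
            yield m.groupdict()

def direction(alert):
    # The rule fires on SYN-only packets, so the source is the side opening the connection.
    src, dst = ip_address(alert["src"]), ip_address(alert["dst"])
    if src == MONITORED_PC:
        return "outbound"
    if dst == MONITORED_PC:
        return "inbound-wlan" if src in WLAN_NET else "inbound-external"
    return "other"

def summarize(text):
    """Count SYNs per (direction, peer address, destination port)."""
    counts = Counter()
    for a in parse_alerts(text):
        d = direction(a)
        peer = a["dst"] if d == "outbound" else a["src"]
        counts[(d, peer, int(a["dport"]))] += 1
    return counts

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_ALERTS).items()):
        print(n, *key)
```

The "inbound-wlan" rows are the ones that bear on whether someone on the wireless side is connecting to the machine; the timestamps in the parsed alerts can then be compared against the times nobody was at the keyboard.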