Audit Logging

Pay attention to the audit logs Windows generates, especially the security log. Look out for failed user authentication attempts and other strange events that you didn’t cause.

Also, pay attention to the logs generated by your firewall and anti-virus software. Try to refine your firewall logging settings to eliminate all of the noise from the automated scans of worms like CodeRed and Nimda. In the case of these two worms, this can be accomplished by not logging blocked TCP port 80 requests. After collecting a few weeks of logs, it should be apparent what kind of noise traffic you are receiving.
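One way to see what noise traffic the firewall is receiving is to tally blocked connections by destination port and count how many distinct sources hit each one. The script below is an added example, not code from the original text; it assumes the firewall writes a log in the Windows Firewall `pfirewall.log` layout, and the sample lines, addresses and the `min_sources` threshold are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample, assumed to follow the Windows Firewall pfirewall.log layout.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2003-05-01 10:00:01 DROP TCP 203.0.113.5 192.0.2.10 3345 80 48 S 1001 0 16384 - - - RECEIVE
2003-05-01 10:00:07 DROP TCP 203.0.113.9 192.0.2.10 4120 80 48 S 1002 0 16384 - - - RECEIVE
2003-05-01 10:01:15 DROP TCP 198.51.100.7 192.0.2.10 1987 80 48 S 1003 0 16384 - - - RECEIVE
2003-05-01 10:02:40 DROP TCP 198.51.100.23 192.0.2.10 2290 80 48 S 1004 0 16384 - - - RECEIVE
2003-05-01 10:03:02 DROP TCP 203.0.113.5 192.0.2.10 3350 80 48 S 1005 0 16384 - - - RECEIVE
2003-05-01 10:05:11 DROP TCP 198.51.100.99 192.0.2.10 4455 445 48 S 1006 0 16384 - - - RECEIVE
2003-05-01 10:05:12 DROP TCP 198.51.100.99 192.0.2.10 4456 445 48 S 1007 0 16384 - - - RECEIVE
2003-05-01 10:06:00 ALLOW UDP 192.0.2.10 192.0.2.1 1040 53 60 - - - - - - - SEND
2003-05-01 10:07:30 DROP TCP 203.0.113.77
"""

def parse_firewall_log(text):
    """Yield one dict per record, keyed by the names on the #Fields header line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#"):
            values = line.split()
            if fields and len(values) >= len(fields):  # skip truncated records
                yield dict(zip(fields, values))

def noise_report(text, min_sources=3):
    """Tally DROP records per (protocol, dst-port); many distinct sources suggests scan noise."""
    drops, sources = Counter(), defaultdict(set)
    for rec in parse_firewall_log(text):
        if rec["action"] == "DROP":
            key = (rec["protocol"], rec["dst-port"])
            drops[key] += 1
            sources[key].add(rec["src-ip"])
    return [
        {"protocol": proto, "port": port, "drops": count,
         "sources": len(sources[proto, port]),
         "noise_candidate": len(sources[proto, port]) >= min_sources}
        for (proto, port), count in drops.most_common()
    ]

if __name__ == "__main__":
    for row in noise_report(SAMPLE_LOG):
        print(row)
```

Ports flagged as noise candidates are the ones to consider excluding from logging; ports with repeated drops from a single source are not flagged and stay in the log for review.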
