Question:
What do I do if I have an unidentified user on my network?
flexrok
2006-04-30 10:45:37 UTC
I think it is a spyware/hacker related problem.
Four answers:
ww_je
2006-04-30 11:30:40 UTC
You don't explain what sort of network this is.

If wired (i.e., Ethernet) and the problem is, as you suggest, some intruding process (i.e., spyware), the solution would be to download and run a couple of spyware killer programs on EACH computer attached to your network. More than one spyware killer, as none catches them all. Spy Bot, Ad Aware, and Spy Catcher are all well regarded, and are free. If you're running Windows (as I suspect, given your lack of reports from Linux / Unix / BSD admin/inspection utilities), then you could try download.com as a source.

If it's a virus infestation of some kind, do the same with a good anti-virus program. My favorite is F-Secure, who distinguished themselves from the pack by much better behavior in regard to the Sony/BMG rootkit Trojan Horse in some millions of music CDs for the last couple of years. Free versions of some well thought of programs include Avast and AVG.

If the problem is on a wireless network, you should do the same as above, plus make sure you have properly configured and are using WPA (or better WPA2, or best full 802.11i) on your radios. These are not easy to configure, so don't believe anything (or anyone) who says they are. Failing that, make sure the WEP (an earlier and unsatisfactory) standard is properly configured on your radios. Insist on the best grade of encryption you can manage (128-bit keys, but even so WEP is insecure).

And install a firewall on your machine, or if you're responsible for the network, between the network and the Internet. For user machines running Windows, ZoneAlarm is well thought of and offers a free (somewhat limited) version. For the 'bastion' machine, I suggest Linux, and further running it on a dedicated machine. The reason is that Linux (or indeed OpenBSD, or one of the other BSDs) has a firewall built in. The Linux firewall is particularly flexible and fast, but requires some knowledge to properly configure it. If you're running Linux on the user machines, doing the same at each of them is also reasonable.

Linux (and the BSDs) also have the virtue that the virus folks have largely given them a pass. Anti-virus software on Linux is largely devoted to finding Windows malware so it won't be passed on to Windows machines being served with files via the Samba protocol. Because of the way Linux/Unix/BSD is designed, a properly configured system is unlikely to have system-wide virus problems even if a user imports one.

==============

What to do if it's a real intruder

First, you'll have to set up 'instruments' on your system(s) which watch for unusual things. Odd logins, odd usage patterns, odd files here or there (or hidden), odd changes in files (you should have been using Tripwire all along, of course), etc. Without being noticed yourself. Having found the way the intruder got in, you should probably close it off.

Since the intruder has been roaming your system without your knowledge, you can't trust any of the installed software to be safe. Ideally, you will have to reinstall all of it anew onto a blank disk. No mere 'update' install, for those routines are pretty easy to fool. How to avoid ruining users' work is difficult. If you have been keeping good backups, you may be able to identify when the intruder first appeared, and restore user files using the most recent backup before that. Users will likely complain regardless of what you do. You did instruct them to maintain their own backups of their work, didn't you?

Unusual things to check for include changes in the BIOS routines (on PC machines) and any of the flashable firmware in system peripherals (optical drives, for instance). It's possible they've been damaged or corrupted as well.

================

Prevention

A network-wide policy of no software save that approved by the administrators is reasonable, and will be resented. So will a policy of no wireless adapters not registered with system administration. And a policy of no floppies or floppy equivalents in or out unless cleared by system administration. All are ways for malware to gain access to the systems on your network, and so must be constrained lest malware actually be imported.

Since users will manage to forget about such things, it will be necessary to run regular surveys looking for rogue wireless equipment, and perhaps even surveys of installed systems for such things as floppy drives, flash card readers, and other sorts of portable media.

Remote access (as by customers or marketing folks on the road) is a headache. There are no truly satisfactory solutions, but access only to a bastion-type system serving as a proxy is perhaps as good as can be managed, if configured properly.
Xp_mAn_Xp
2006-04-30 17:50:03 UTC
If you're talking about a wireless network, make sure you at least have it WEP protected. If you see another user name on your network connections, delete them and reboot, and see if it comes back. Make sure your firewall is up, and if using a third-party firewall, reset all allowed connections in case a hacker has enabled a port....
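The answer above suggests watching for an unfamiliar device on your network connections. As an added example (not part of any answer on this page), the Python below parses the neighbour table in the format Linux `ip neigh show` prints and flags any entry whose MAC address is not on a list of devices you registered yourself. The sample table, the device names and the allowlist are constructed; on a real host you would feed it the actual command output.

```python
import re

# Added example: compare neighbour-table entries against a registered-device list.
# Matches the Linux `ip neigh show` line format: "<ip> dev <iface> lladdr <mac> <state...>".
# Entries in FAILED/INCOMPLETE state carry no lladdr and are skipped by the regex.
NEIGH_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+(?P<dev>\S+)\s+lladdr\s+"
    r"(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})\s+(?P<state>.*)$"
)

# Constructed allowlist: MAC -> friendly name of a device you set up yourself.
ALLOWLIST = {
    "00:11:22:33:44:55": "access point",
    "aa:bb:cc:dd:ee:01": "family laptop",
}

# Constructed sample of `ip neigh show` output, including an IPv6 entry and a
# failed lookup that has no link-layer address.
SAMPLE_NEIGH = """\
192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.20 dev wlan0 lladdr AA:BB:CC:DD:EE:01 STALE
192.168.1.37 dev wlan0 lladdr de:ad:be:ef:00:42 REACHABLE
192.168.1.99 dev wlan0  FAILED
fe80::1 dev wlan0 lladdr 00:11:22:33:44:55 router REACHABLE
"""


def parse_ip_neigh(output: str) -> list:
    """Return one dict per entry that has a MAC; MACs are normalised to lowercase."""
    entries = []
    for line in output.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["mac"] = entry["mac"].lower()
            entries.append(entry)
    return entries


def find_unknown(entries: list, allowlist: dict) -> list:
    """Entries whose MAC does not appear in the allowlist (case-insensitive)."""
    known = {mac.lower() for mac in allowlist}
    return [e for e in entries if e["mac"] not in known]


def report(output: str, allowlist: dict) -> list:
    """Human-readable lines for each unregistered device seen in the table."""
    return [
        f"UNKNOWN device {e['mac']} at {e['ip']} on {e['dev']} ({e['state']})"
        for e in find_unknown(parse_ip_neigh(output), allowlist)
    ]


if __name__ == "__main__":
    for line in report(SAMPLE_NEIGH, ALLOWLIST):
        print(line)
```

Treat a hit as a prompt to investigate, not as proof: the neighbour table only shows hosts that have recently exchanged traffic with this machine, and a MAC address is an identifier rather than a credential, so the real fix for a wireless network is the encryption and firewall configuration the other answers describe, with this check serving as an early warning.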
gorjatech
2006-04-30 17:48:27 UTC
Don't understand. Do you mean that someone is using your wireless connection without permission? You could enable WEP and WPA on the wireless access point to prevent that from happening.
anonymous
2006-04-30 17:46:37 UTC
Can you block or remove them? If not, fire off an email to your provider, maybe they can help too.

This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.