Yes, the timing is very significant and suggests remote desktop access. The password I used has never been written down anywhere, its not in any user text file or doc. So keylogging or remote access seem to be the most plausible.

Also, I checked my Remote Assistance settings in system properties. They were mysteriously set to true. I know I had set them to false again when I upgraded to win8 several months ago (for some reason, annoyingly, the update had set them to true)

Update: I contacted the Australian server company for the suspect IP Address. So far, they have been very helpful and are looking to identify the user from their logs and time stamp etc...

I will post more when I know more.

Thanks again for your help.