My money is on a trojan/virus collecting stored passwords that were stored unencrypted. I believe Dave was using FileZilla? Based on
this bug report, I would never store important passwords there. Use a real password manager like KeePass.
I have handled a similar case a few years. A server of a client offering shared hosting was compromised. Malware was being uploaded to different customer accounts. My conclusion after examining the server was that this was because they had access to the FTP passwords, most likely harvested from the computer of owner of the company (who was the only one with access to all the different accounts). The owner disagreed and hired another expert, and ended up reinstalling his computer and installing a bunch of virus scanners. I believe he was also using FileZilla.