I was having the exact same problem, only since I don't pay for bandwidth, I wasn't overly concerned. Then, last week, my internet was down to a crawl. Seems someone was trying to drain Limewire through my router. I have a Linksys router, with the downstairs computer hard wired, and the upstairs computer on a wireless Dynex card. I tried WEP, WPA and WPA2, and this stupid Dynex card wouldn't hook up. It was asking for more info than I had. I used the instructions for the router, I used the auto network setup from both Linksys and Windows, and it still wouldn't work. I called the cards "help" line, and after trying to explain for 15 minutes the problem, then being put on hold while he "looked into it", he came back on and said, "Uh, I can give you the set up help line number, but it is a pay service". "Uh, you know what? I'd rather pay for a good card than spend more money on this piece of crap".
ANYWAY...what I wound up doing was assigning MAC addresses to the router, so it only allows certain computers on, and also turning of DNS address (I think I have that right). Anyway, I told my router to stop broadcasting the name, and change the name of my network. It isn't fool proof, but so far so good. Once one of my IT buddies stops by, I'll see if they can set up encryption. If not, I'll spend money on a card with instructions not in broken english.
That being said, are you sure it is your router, and not a worm or something on one of your computers? I'm wondering if they are somehow accessing your wireless computer and getting on the net that way.
Oh, and your router should have a log file. I've been checking mine every day to see if anyone's logged on.
Hagar:"What kind of dog is that?"
Man with dog:"He's a nice dog!"
Hagar:"You know, at the end of the day, that's always the best kind."