Hives are your registry stuff, thats the NT.* name IIRC.
The Foundstone free tools like Fport are at http://www.foundstone.com/knowledge/free_tools.html,
and netstat should be part of NT5.
IMO chances that something automated logging in with Putty on your server are small. Chances someone should try and spoof logging in with your username from your W2K IP are infinitesimally slim. Add the fact *you* didn't install anything or clicked anything doesn't count as 100 percent proof there ain't nothing wrong in the very automated Wintendo world I'd say. Look for instance at the fact some M$ products install a hidden SQL server, or embedded ActiveX controls in pages to automagically muck with your registry.
If your event logs turn up nothing then it'll all be much harder to find "evidence" of it all. I don't say it can't be done, but doing forensics will just take much more time than you can justify.