Hiya-
It *MIGHT* be a zombie machine, and the coworker has no knowledge that his machine might be compromised.
If I might suggest that the IT person in charge of your company do an "nmap" on his machine and look for unexpected open ports from the results. If there are open ports up in the high regions of the tcp or udp range, then I might suspect that your coworker has ventured into unsafe internet territory and that he/she has been pointing his machine at a server that has added malware to his box. CHAT addresses are commonly used for this purpose. The zombie can then be used for a variety of purposes. Usually, it's just to do a denial of service attack or send out spam. These are easily seen with the same "snooper" programs that you mentioned.
I am not familiar with the "show traffic" version you have mentioned.
A "snooper" program is VERY handy for network monitoring and troubleshooting, however, to really get benefit from such an application, it does take a certain amount of understanding to make sense of it and use it effectively. To see some of the benefits (if you are interested) on having a network monitor available, you can point your browser to:
I have only used the 'nix (unix, linux) versions of ethereal, so I can't answer for the windoze version of it, but the ones I have used have worked very well.
A "talented" IT professional in your organization can figure out how to approach the offending machine (with the cooperation of management of course) to build a wrapper program for the offensive software to see if it indeed is ever invoked from the keyboard.
Unfortunately, most snooper programs are passive when it comes to the network, so one cannot hang a snooper on the network and scan for another snooper. Sometimes snoopers are used to collect data to disk files however, and the suspect disk can be scanned for evidence of any log files that the user has set up and saved. This is a low probability effort however.
Aside from the fact that you were wandering through a coworkers machine (with the assumption that you had a good reason for doing so), I suggest that you bring the issue to management who can contact their IT department or hire a computer security consultant to take the appropriate action.
Cheers,
Rich S.