So how does one go about finding it?
Our WIFI is secure (WPA/PSK) but we have one WEP-64 access point (for a specific purpose) and maybe somebody hacked it and is using it with an infected machine?
Start by the second item.
Change your wifi key right now to something random ..... so then you've eliminated the possibility of a third party.
Then take a look at the network activity on your computers. The fact that your ISP has notified you that they've had an abuse complaints means that you have a zombie computer on your network that's being commanded to send out spams, or take part in network scans or attacks. So there will be some network activity going on on the computer that's infected.
Once you've found the computer that's infected, format it and rebuild it.