You should setup an IDS on your network if you continue to have concerns about potential issues. Definitely consider upgrading to MBAM Premium if you haven't yet already...worth every single penny. You might also consider running standard user accounts and have a locked down admin account you use to enter credentials for when you need to install or modify something. That will help quite a bit. I would disable the default admin account and create a new dedicated one that you know but don't keep easily accessible credential-wise.
It won't be easy and you'll have to have a decent comprehension of networking, managing your network. But it might help you in learning network security and how to use an IDS as well. The below link would be A LOT of work, but would be very helpful in identifying what or who is on your network that shouldn't be. There are all sorts of other solutions, but for a free option with a free guide, this is a pretty good choice IMHO.
https://techanarchy.net/2015/01/home-ids-with-snort-and-snorby/
You could also wipe your G/F's PC, run Ubuntu, Mint or Fedora... and learn how to use IPTables...excellent firewall! Can get very complex. Is what PFSense, OPNSense and other routers use as well.
If you can budget it, building a better router with better capabilities could help, especially running extra things like IDS/IPS, Proxy filtering & caching, network AVAM, notificaitons, etc.
http://arstechnica.com/gadgets/2016/04/the-ars-guide-to-building-a-linux-router-from-scratch/
http://arstechnica.com/gadgets/2016...build-faces-better-tests-tougher-competition/
http://arstechnica.com/gadgets/2016/01/numbers-dont-lie-its-time-to-build-your-own-router/
I know you said you don't have the budget right now, but you should at least educate yourself on why it is a good option. It might prove to be something worth saving for.
My all new parts, custom PFSense build came to about $250 last March. I used an mITX board with a quad-core Celeron SoC, 8GB RAM, 128GB SSD, thing is a beast and competes with the $500+ Netgates, SonicWalls, Fortinets, etc. Probably overkill in some ways...but the fact I can run all the protective measures I want and lose not perceivable performance is a huge plus for me. That's what my network is worth to me.