OpenDNS just sees your one public IP address, so cannot differentiate between devices in your network. You can select domain stats only by date, not by hour.
There are other methods to achieve what you want:
http://www.wireshark.org/
http://www.winpcap.org/
Internet Explorer: http://www.spyarsenal.com/internet-spy/internet-spy.zip
Firefox: http://edmullen.net/utility/dork.zip
Be warned: This software may be recognized as Virus or Trojan by some Antivirus software packages. Also, the use of such software may be illegal in some countries or federations.

If your router can broadcast a Syslog there are a few programs that will make records of these logs. The log on my home network will display what internal IP & netbios name (if broadcasting) is accessing a site by both the IP and the domain name. A far as physical proof you will also need a a log of the IP if you don't have the netbios name in the log. This way you have individually identified the time, the site, and the machine. Only issue left is there any room for plausible deny ability. Such as the employee claiming another co-worker must have used his machine while on break/lunch or in the restroom.

After thinking about this a little bit, and having some similar concerns with our traffic at work. I would bring domain controller logs proving which user logged in from that machine. Prior to releasing any findings; I would also implement a computer usage rule requiring all employees to log off when leaving their desk. If one is not already in place. It is easily explained for file synchronizing, helping keep employees files as current as possible in the event of catastrophic failure. All of which is true and is a good practice to keep.

Either way you'll have a write up, but to me it sounds as if someone somewhere wants this employee terminated.