When you think he is using your system, use your web browser to log on to your router and see the IP address and HW address which has logged on.
Then go on your PC and, in the Run command, type \\"ipaddress" and press Return.
If he has no shares, then use \\"ipaddress"\c$ and guess the admin password, which is blank in most cases.
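The first step above (seeing which IP and HW addresses are on your network) can also be checked from the PC. This is an added example, not part of the original post: it parses Windows `arp -a` output and lists devices whose MAC address is not on your own allowlist. The sample output and the `KNOWN_DEVICES` allowlist are constructed for illustration.

```python
import re

# Constructed sample of Windows `arp -a` output (all addresses are made up).
SAMPLE_ARP = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.23          a4-5e-60-c1-02-9f     dynamic
  192.168.1.42          3a-9c-1b-77-e0-04     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# Hypothetical allowlist of devices you own, in any common MAC notation.
KNOWN_DEVICES = {"00:11:22:33:44:55": "router", "A4-5E-60-C1-02-9F": "laptop"}

# One table row: IPv4 address, MAC address, entry type.
ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"([0-9A-Fa-f]{2}(?:[-:][0-9A-Fa-f]{2}){5})\s+\w+\s*$"
)

def normalize_mac(mac):
    """Lower-case, colon-separated form so different notations compare equal."""
    return ":".join(re.findall(r"[0-9a-f]{2}", mac.lower()))

def unknown_devices(arp_text, known):
    """Return (ip, mac, randomized) for each unicast MAC not in the allowlist."""
    known_norm = {normalize_mac(m) for m in known}
    findings = []
    for line in arp_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # interface banner, column header, blank line
        ip, mac = m.group(1), normalize_mac(m.group(2))
        first_octet = int(mac[:2], 16)
        if first_octet & 0x01:
            continue  # group bit set: broadcast/multicast entry, not a device
        if mac in known_norm:
            continue
        # Locally administered bit set: often a randomized (private) MAC.
        findings.append((ip, mac, bool(first_octet & 0x02)))
    return findings

if __name__ == "__main__":
    for ip, mac, randomized in unknown_devices(SAMPLE_ARP, KNOWN_DEVICES):
        note = " (locally administered, likely randomized)" if randomized else ""
        print(f"unknown device {ip} {mac}{note}")
```

A device that shows up here and in the router's client list but is not yours is the cue to change the Wi-Fi passphrase and review the router's access settings.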