here's how it started...

Last night about 6pm my 8 year old daughter asked why her desktop background had disappeared. I went to investigate and noticed a solid blue background and her firefox was opening as she was pulling away from the desk. I figured it was just slow opening and she had clicked it before I walked in. I closed the window and then right clicked the desktop. Then the mouse went jumpy. I figured her mousepad was screwing with me so I wiggled the mouse and right clicked again, again the mouse went jumpy. I took my hand away from the mouse and proceeded to watch the mouse slide over to firefox and open it up.

I thought what the hell and happened to look down to see her VNC tray icon was solid black... Which means someone remoted in to her computer. I quickly took the mouse and disconnected all clients. 2 seconds later someone reconnected. I again disconnected all clients and again a few seconds later they reconnected. I then proceeded to go grab my laptop and run airodump to pull all wireless client MAC address assesing my wireless network, no duplicates and no foreign MACs. I didn't even have another network show up.

Then whomever had hacked in disconnected. I proceeded to shutdown all VNC instances on both kids computers.

Here's the skinny on equipment and home network.

Linksys - Cisco VPN router
All computers are wireless connection with assigned IPs
wireless encryption WPA with a mixture of letters and numbers - no words
My VPN router is set to only autothrize my MAC with of course my security policy.

Any ideas on help here...

Are there any logs built in to windows that gives you the ip of computers who remote accessed your desktop.

From what I can tell they were trying to change her firefox homepage to something foxfilter wouldn't allow...

I'm