Hacked or Phishing?

lovemonkey

I have questions and worries.

Our son downloaded TeamViewer for online gaming. We did not find out until later what he used.

I noticed our system logs were showing that several attempts were being made to get into our router by one of the laptops my oldest son uses along with his wife. It looked more as if they were trying to hack into it, because I had several Endless Online Gaming sites blocked in the parental controls.
When I had seen this I cut off wireless to them until I got it straightened out with our provider, to make sure that it was not just the computer trying to connect or something. Well, they said that attempts were in fact being made to get into our network.
After a day we turned on the wireless again and told them no more gaming, because our provider would be looking for the sites and can see what is going on.
Well, then my wife's computer was doing the same exact thing theirs was doing and making attempts to get into the router, and she has nothing to do with that type of stuff. Below is a small listing of what I am talking about:

2013-08-28 17:44:56.00 TCP Packet - Source:192.168.0.4,52680 Destination:192.168.0.1,5000
2013-08-28 17:45:11.00 [DOS] TCP Packet - Source:192.168.0.4,52708 Destination:192.168.0.1,5000
2013-08-28 17:45:28.00 [DOS] TCP Packet - Source:192.168.0.4,52759 Destination:192.168.0.1,5000
2013-08-28 17:45:43.00 [DOS] TCP Packet - Source:192.168.0.4,52786 Destination:192.168.0.1,5000
2013-08-28 17:45:58.00 [DOS] TCP Packet - Source:192.168.0.4,52808 Destination:192.168.0.1,5000
2013-08-28 17:46:12.00 [DOS] TCP Packet - Source:192.168.0.4,52831 Destination:192.168.0.1,5000
2013-08-28 17:46:27.00 [DOS] TCP Packet - Source:192.168.0.4,52859 Destination:192.168.0.1,5000

There are other listings that start in the early morning hours, as soon as we get up with our two babies, and within a 5 minute period there were 18 more attempts. Once again I had to cut off the wireless to them and us until I managed to get our router moved over to the table where we are now plugged in at this moment.

That was when we found out that he had this TeamViewer on his laptop, because he got rid of it for a desktop computer (which is now just a paperweight since there is no internet once again). He says that TeamViewer is not on the other laptop because the screen is busted and can't see anything, because the other person could not see their desktop because of it being broken. They used a computer adapter to plug the laptop into a small flat screen TV they have in order to use it.

I have looked high and low on her computer for any traces of TeamViewer or any signs of something to explain why her computer was doing this. We do know he is behind it, because of the comments he had made, like they have already seen what was on her computer. She only has tons of family pictures and small programs to make pictures and other things to make recipe books, so they can't see much. We ran all sorts of scans and found nothing at all. Is there anything more to look for? How would it jump from one laptop to another doing the same thing?

We are getting more grays in our hair trying to figure out what happened, and of course getting him to tell the truth would be more like asking the politicians to take a pay cut....ain't gonna happen. Sorry for the long story, Ladies and Gentlemen, but I just try to cover my bases from the start of the situation to the end...if there is an end. So once again, is there anything more to look for to find out if someone might have access to her computer, or any traces we could look for? We are trying to save her laptop from being wiped clean, because all the work she has done will be lost.
 

Afraid I can't give you much help as to the cause of your issue, but you can try netstat commands from an elevated command prompt to establish all active connections on your machine/s and the program/function associated with these connections.

Open an elevated command prompt (http://www.sevenforums.com/tutorials/783-elevated-command-prompt.html)
type netstat -ano
click enter

This will give you a list of all active connections on the machine with the local and external IP addresses.
Here's my example (obviously I have scribbled over most IP addresses as I utilise static IP addresses for my server and I don't want to publish them ;))
[Attached screenshot: Capture.PNG]
The PID on the right is the process ID number, which you can tally up with processes in Task Manager.
To do this, hit Ctrl+Shift+Esc, select the Processes tab, click View > Select Columns and tick the top entry, PID.

It is also good to examine the processes list to see if you have any suspicious entries; it may give you an idea if something like TeamViewer is running in the background. Any suspicious entries can be googled to check what they are.

FYI, TeamViewer is a great program used by lots of people. I personally have it on all my machines and use it daily.
 

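The procedure in the reply above (run netstat -ano, then tally the PID against the process list), applied to the router address and port from the log in the first post. This is an added example, not code from either poster: it assumes the output of `netstat -ano` and `tasklist /fo csv /nh` has been saved as text, and the sample output and image names embedded below are constructed.

```python
import csv, io
# Constructed sample of `netstat -ano` output (not taken from the thread).
NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       716
  TCP    192.168.0.4:52680      192.168.0.1:5000       ESTABLISHED     2468
  TCP    192.168.0.4:52708      192.168.0.1:5000       TIME_WAIT       0
  TCP    192.168.0.4:52911      203.0.113.10:443       ESTABLISHED     3120
  UDP    0.0.0.0:5355           *:*                                    1120
"""

# Constructed sample of `tasklist /fo csv /nh` output; image names are made up.
TASKLIST = '''\
"System Idle Process","0","Services","0","24 K"
"svchost.exe","716","Services","0","8,112 K"
"exampleapp.exe","2468","Console","1","24,580 K"
"browser.exe","3120","Console","1","150,332 K"
'''

def parse_netstat(text):
    """Yield (proto, local, remote, state, pid) for each connection row."""
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue  # banner, column header, blank lines
        state = f[3] if len(f) == 5 else ""  # UDP rows have no State column
        yield f[0], f[1], f[2], state, int(f[-1])

def parse_tasklist(text):
    """Map PID -> image name from CSV-formatted tasklist output."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(text)) if r}

def owners_of(remote, netstat_text, tasklist_text):
    """Return (local, state, pid, image) for every connection to `remote`."""
    names = parse_tasklist(tasklist_text)
    hits = []
    for _proto, local, rem, state, pid in parse_netstat(netstat_text):
        if rem != remote:
            continue
        if pid == 0:  # TIME_WAIT rows are listed under PID 0, not the real owner
            image = "(connection already closed)"
        else:
            image = names.get(pid, "(process no longer running)")
        hits.append((local, state, pid, image))
    return hits

if __name__ == "__main__":
    for hit in owners_of("192.168.0.1:5000", NETSTAT, TASKLIST):
        print(hit)
```

Capture both command outputs at the same moment from the elevated prompt, since a PID only identifies a process while that process is still running.
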
Thank you, Pauly, I will give that a try. I have a program I have been working with and trying to understand, and that is TCP Eye, which looks similar to your screenshot. And no worries, I understand why you scribbled them out ;)
 
