Admin account was logged on via remote device

While I was on my computer last night, I was logged off. It took me to my log in page which has an admin account that’s mine and also a log in option for another account which is also mine and labeled as admin. Under my original admin log in option it said: logged on remotely then it gave a desktop device name. I went to my other account to select log in and it said there are users logged on if you log on it will end their session, I backed out without logging in and Logged onto my original admin account, and I’m booted off yet again... this time it said both users were logged on. I use an LAN connection with no WiFi capabilities.
I use a cisco modem model: dpq3212
I am self employed, I work from home, therefor my system I use for work isn’t monitored by anyone higher than myself. ( it shouldn’t be anyways). How is this possible? Am I able to find out who used a remote log in? How do I ensure remote log in is not available.

New
Tech Support Guy System Info Utility version 1.0.0.4
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz, Intel64 Family 6 Model 15 Stepping 6
Processor Count: 2
RAM: 4031 Mb
Graphics Card: NVIDIA Quadro NVS 285 (Microsoft Corporation - WDDM), 128 Mb
Hard Drives: C: 145 GB (116 GB Free);
Motherboard: Hewlett-Packard, 0A50h
Antivirus: Microsoft Security Essentials, Enabled and Updated

 

Attached to what modem/router or gateway? We need to know the brand and exact model of hardware because even if you are using wifi, perhaps your router or gateway has wifi capabilities. (It is very hard to find a router that is NOT wifi).

 

Tech Support Guy System Info Utility version 1.0.0.4
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz, Intel64 Family 6 Model 15 Stepping 6
Processor Count: 2
RAM: 4031 Mb
Graphics Card: NVIDIA Quadro NVS 285 (Microsoft Corporation - WDDM), 128 Mb
Hard Drives: C: 145 GB (116 GB Free);
Motherboard: Hewlett-Packard, 0A50h
Antivirus: Microsoft Security Essentials, Enabled and Updated

if other info is needed let me know.
I use Cisco DPQ3212 Modem
I have a LAN connection to internet not Ethernet.
default gateway is 174.64.166.1

The tech who installed my internet had said this modem did not have a router built into it, nor did it posses WiFi abilities to connect to a different router or router extender. I had asked for this specifically as I wanted to be the only one with access to this internet since it was bought for my job. I use VoIP for my job, my call quality had been terrible to the point of being hung up on for 80 percent of my phone calls. I tried a few other options to remedy the call problem but nothing worked, so I ended up getting my own internet. I live in a house of people who have about 25 devices connected to our other internet which is hard wired in to two devices and then it has a built in router, we also have a wifi extender to reach the upstairs and side bedrooms.

 

If you have no wifi than where is the extender getting the signal? Are you hopping off of someone else's signal in the house because your modem has one ethernet port for a PC or a router. (I downloaded the manual to check it out)

I'm going to bow out because I have zero experience with a home running two different networks with different ISPs.

 

Sorry if I wasn’t clear. My computer that said my admin account was logged onto from another device is only connected via LAN. As far as I can tell my computer itself is not capable of WiFi. I was told my modem wasn’t capable of WiFi. I did state the home uses two different internet sources and that one of the internet sources does have WiFi. But again my computer is connected to the Cisco modem, wired in LAN connection.

 

I checked out your modem specifications. Your modem is a cable modem which has only 1 ethernet port. It does not have NAT, nor does it have a firewall. The gateway ip address you gave confirms this. Some of your PC's ports are publicly exposed to the internet, and can be connected to by anyone. Someone has gone past the login stage and accessed your files. Disconnect the internet now. Buy a router NOW and hook it up to the cable modem, then connect your PC to the router. I know you don't need additional ethernet ports on a router, but this is not about the number of available connections. It is about security. A router or router with firewall blocks direct access from the internet to your PC.

First step: disconnect the intruder: done, by adding router.
Next step: damage control. Since you are not a Incident first responder, you won't know if the attacker has installed anything. Skip this step.
Next step: attackers may have installed a back door. Since you can't do step 2, you have to back up your data and re-install Windows. Takes about a morning's work. You can't skip this step. The attackers may have gotten in easily, but could have taken steps to install a back door in anticipation of discovery. A back door will connect out bound from your PC back to their PC. And it is hard to detect. Since they have administrative access, they could have named the back door file anything and placed it anywhere in the PC. This step must be done.
Next step: set up a daily backup routine. It could be as simple as drag and drop of files and folders onto a USB external hard disk. Or you could purchase backup software to do this automatically. Preferably you would name each backup by day of the week - so that you have 5 versions of daily backups available. This step must be done.

 

Thank you thank you!

 

Thank you!! I really thought I had replied to your post with thank you but I see I did not. Also how do I direct message you?

 

Click on Inbox on the top left of the screen, and select Start a Conversation

 

i am not seeing the option to start one, can you send me a message please.

 

In summary. The remote login is shown at eventID 4624. ( along with all normal logins ) Except that a Remote Desktop login will show an ip address in the details box. So locate the date and time when you saw the attacker online in your machine and work backwards until you find the login.

With a internet ip address, you can file a police report, as they are the only ones who could link an ip to an ISP account. The OP's situation is unique here, because his machine was directly connected to the internet, and the logs will show the attackers real ip.

I would backup your data first. Because you shouldn't use the machine as it disturbs their evidence collection. You can then restore your data onto another machine to continue work.