Hey guys,
This is the situation. Some loser first put the trojan/downloader.winshow on my sister's computer when she visited a site that was hosted by him (via a Browser Helper Object, I think). Norton's AV was supposedly up and running but did not pick it up. Then somehow he was able to modify the router so it would not get the WAN IP from my ISP; I think it was redirected to his computers and out to the internet. After doing some research I found that the IP that it was routing to was not my ISP's and that the IP assigned to the router (WAN) could not be identified by Verizon (I think spoofed to a different location). Before resetting the router, I tried to release the IP, disconnect from my supposed ISP (which was the guy's), connect again, then renew. The router log came up as follows:
2004/05/11 21:25:48 Username and Password : OK
2004/05/11 21:25:52 PPPoE get IP : 162.84.243.165
2004/05/19 15:45:14 192.168.6.25 login successful
2004/05/19 16:03:33 192.168.6.25 login successful
2004/05/19 16:54:43 192.168.6.25 login successful
2004/05/19 16:54:55 PPPoE stop PPP
2004/05/19 16:54:55 PPPoE stop
2004/05/19 16:55:00 Dial On Demand (PPPoE): forward to dst 216.206.180.15
2004/05/19 16:55:00 PPPoE send PADI
2004/05/19 16:55:00 PPPoE receive PADO
2004/05/19 16:55:00 PPPoE send PADR
2004/05/19 16:55:00 PPPoE receive PADS
2004/05/19 16:55:00 PPPoE start PPP
2004/05/19 16:55:02 Username and Password : OK
2004/05/19 16:55:06 PPPoE get IP : 162.84.243.165
2004/05/19 18:03:30 192.168.6.25 login successful
2004/05/19 18:03:49 PPPoE stop PPP
2004/05/19 18:03:49 PPPoE stop
2004/05/19 18:04:20 Dial On Demand (PPPoE): forward to dst 63.240.15.136
2004/05/19 18:04:20 PPPoE send PADI
2004/05/19 18:04:25 PPPoE send PADI
2004/05/19 18:04:30 PPPoE send PADI
2004/05/19 18:04:35 PPPoE send PADI
2004/05/19 18:04:40 PPPoE send PADI
2004/05/19 18:04:45 PPPoE send PADI
2004/05/19 18:04:50 PPPoE send PADI
2004/05/19 18:04:52 Dial On Demand (PPPoE): forward to dst 209.94.102.51
2004/05/19 18:04:55 Dial On Demand (PPPoE): forward to dst 209.94.102.51
2004/05/19 18:04:55 PPPoE send PADI
2004/05/19 18:05:00 PPPoE send PADI
2004/05/19 18:05:01 Dial On Demand (PPPoE): forward to dst 209.94.102.51
2004/05/19 18:05:05 PPPoE send PADI
2004/05/19 18:05:05 PPPoE receive PADO
2004/05/19 18:05:05 PPPoE send PADR
2004/05/19 18:05:05 PPPoE receive PADS
2004/05/19 18:05:05 PPPoE start PPP
2004/05/19 18:05:08 Username and Password : OK
2004/05/19 18:05:11 PPPoE get IP : 162.84.241.226
The address 162.84.241.226 is in Brooklyn, which is consistent with who we think the suspected hacker is.
Verizon said they were unable to ID the exact location of those IPs, and as a result I changed the password of my sign-in.
I have a few questions I would like answered, which is why I'll give this a lot of points:
1) Is it actually possible to modify the router's software to redirect an IP attempting to be resolved, or was the router being redirected from a client workstation (if possible), or were the settings of static routes on the router possibly modified?
2) The IP 216.206.180.15 came up in California. Is it possible the info is being redirected back to the east coast?
3) How can I find out as much info as possible for the ip 162.84.241.226? I used ip address locator at geobytes
http://www.geobytes.com/IpLocator.htm?GetLocation but I would like to find the contact info if any for that address.
4) Is there any legal action that can take place? He has harassed her on a number of occasions with persistent hacking efforts.
Thanks a lot guys, as I'm sure some of you can imagine how I feel knowing my family's privacy/security has been compromised beyond reasonable limits.
mados
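An added example, not part of mados's post or any reply in the thread: a small parser for the router log quoted above that groups the PPPoE lines into sessions, records how many PADI discovery packets were sent before an access concentrator answered with a PADO, records the WAN address each session was assigned, and flags when that address changes between sessions. It also separates the "login successful" entries, which are logins to the router's own admin interface from a LAN host, so they can be reviewed on their own. The sample input is the log text from the post; the event names are matched exactly as they appear there. On dial-on-demand routers the "Dial On Demand (PPPoE): forward to dst ..." line typically records the destination of the LAN packet that triggered the dial, so the example attaches those addresses to the session they triggered as "trigger destinations" rather than treating them as where the session itself went; that interpretation is an assumption stated here and in the code.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Sample input: the router log quoted in the post above.
LOG = """
2004/05/11 21:25:48 Username and Password : OK
2004/05/11 21:25:52 PPPoE get IP : 162.84.243.165
2004/05/19 15:45:14 192.168.6.25 login successful
2004/05/19 16:03:33 192.168.6.25 login successful
2004/05/19 16:54:43 192.168.6.25 login successful
2004/05/19 16:54:55 PPPoE stop PPP
2004/05/19 16:54:55 PPPoE stop
2004/05/19 16:55:00 Dial On Demand (PPPoE): forward to dst 216.206.180.15
2004/05/19 16:55:00 PPPoE send PADI
2004/05/19 16:55:00 PPPoE receive PADO
2004/05/19 16:55:00 PPPoE send PADR
2004/05/19 16:55:00 PPPoE receive PADS
2004/05/19 16:55:00 PPPoE start PPP
2004/05/19 16:55:02 Username and Password : OK
2004/05/19 16:55:06 PPPoE get IP : 162.84.243.165
2004/05/19 18:03:30 192.168.6.25 login successful
2004/05/19 18:03:49 PPPoE stop PPP
2004/05/19 18:03:49 PPPoE stop
2004/05/19 18:04:20 Dial On Demand (PPPoE): forward to dst 63.240.15.136
2004/05/19 18:04:20 PPPoE send PADI
2004/05/19 18:04:25 PPPoE send PADI
2004/05/19 18:04:30 PPPoE send PADI
2004/05/19 18:04:35 PPPoE send PADI
2004/05/19 18:04:40 PPPoE send PADI
2004/05/19 18:04:45 PPPoE send PADI
2004/05/19 18:04:50 PPPoE send PADI
2004/05/19 18:04:52 Dial On Demand (PPPoE): forward to dst 209.94.102.51
2004/05/19 18:04:55 Dial On Demand (PPPoE): forward to dst 209.94.102.51
2004/05/19 18:04:55 PPPoE send PADI
2004/05/19 18:05:00 PPPoE send PADI
2004/05/19 18:05:01 Dial On Demand (PPPoE): forward to dst 209.94.102.51
2004/05/19 18:05:05 PPPoE send PADI
2004/05/19 18:05:05 PPPoE receive PADO
2004/05/19 18:05:05 PPPoE send PADR
2004/05/19 18:05:05 PPPoE receive PADS
2004/05/19 18:05:05 PPPoE start PPP
2004/05/19 18:05:08 Username and Password : OK
2004/05/19 18:05:11 PPPoE get IP : 162.84.241.226
"""

LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (.*)$")
IP_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})")


@dataclass
class Session:
    started: str                              # timestamp of the first event seen
    trigger_dst: List[str] = field(default_factory=list)  # assumption: LAN destinations that triggered the dial
    padi_sent: int = 0                        # discovery packets sent before the session came up
    pado_received: bool = False               # did any access concentrator answer?
    authenticated: bool = False
    wan_ip: Optional[str] = None              # address assigned by the PPPoE server
    ended: Optional[str] = None               # timestamp of "PPPoE stop", None if still up


def parse_log(text: str) -> Tuple[List[Session], List[Tuple[str, str]]]:
    """Split the log into PPPoE sessions and a separate list of admin logins (timestamp, LAN host)."""
    sessions: List[Session] = []
    admin_logins: List[Tuple[str, str]] = []
    current: Optional[Session] = None
    pending_dst: List[str] = []               # dial triggers seen while no session is open

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts, msg = m.groups()
        ip_match = IP_RE.search(msg)

        if msg.endswith("login successful"):
            admin_logins.append((ts, ip_match.group(1)))
            continue
        if msg.startswith("Dial On Demand"):
            (current.trigger_dst if current else pending_dst).append(ip_match.group(1))
            continue

        # Any other PPPoE event opens a session if none is open (the first
        # session in the log starts mid-way, with the authentication line).
        if current is None:
            current = Session(started=ts, trigger_dst=pending_dst)
            pending_dst = []

        if msg == "PPPoE send PADI":
            current.padi_sent += 1
        elif msg == "PPPoE receive PADO":
            current.pado_received = True
        elif msg == "Username and Password : OK":
            current.authenticated = True
        elif msg.startswith("PPPoE get IP"):
            current.wan_ip = ip_match.group(1)
        elif msg == "PPPoE stop":             # "PPPoE stop PPP" is ignored; "PPPoE stop" closes the session
            current.ended = ts
            sessions.append(current)
            current = None

    if current is not None:
        sessions.append(current)              # last session is still up
    return sessions, admin_logins


def ip_changes(sessions: List[Session]) -> List[Tuple[str, str, str]]:
    """(previous WAN IP, new WAN IP, session start) for every session whose address differs from the last one."""
    changes = []
    for prev, cur in zip(sessions, sessions[1:]):
        if prev.wan_ip and cur.wan_ip and prev.wan_ip != cur.wan_ip:
            changes.append((prev.wan_ip, cur.wan_ip, cur.started))
    return changes


if __name__ == "__main__":
    found, logins = parse_log(LOG)
    for s in found:
        print(f"{s.started}  PADI x{s.padi_sent}  PADO={s.pado_received}  WAN={s.wan_ip}  triggers={s.trigger_dst}")
    print("WAN address changes:", ip_changes(found))
    print("admin logins:", logins)
```

Running this on the quoted log yields three sessions. The third one sent ten PADI packets before a PADO came back, which means no access concentrator answered for about 45 seconds of the reconnect, and it is the only session that came up with a different WAN address; the admin-interface logins all come from 192.168.6.25, which is the LAN host to compare against the machine that was being used to reconfigure the router.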