Security Basics mailing list archives

Port scan and svchost overload


From: reporting4booty () gmail com
Date: 16 Oct 2008 17:26:22 -0000

My friend's Vista-operated laptop is receiving attempted entries to ports in a series, starting with 4756 (at least when 
I was asked about the pop-ups on their computer). Their Sunbelt firewall pops up with the IP 192.XXX.XX.01. (I am not 
with the computer at the moment, so I do not remember the exact IP. I have it written down in another building.) From 
past experience I get the impression that all IPs with 192 at the beginning are on your own network.

My friend has two 14-year-old twins that spend all day playing Xbox and computer games. I get the impression that they 
were just messing with their sibling, pestering them with a port scan for fun. However, in the process list there are 
around 9 different instances of the svchost.exe process. From what I was able to find out before the laptop 
mysteriously shut down, the processes were using services such as plug-and-play and confidential background transfer 
services. (I am no computer guru, not yet at least; I am not aware of the full use of Vista's services.) 

The siblings all use the same wireless network (Wi-Fi processes found in the process list) in the same house, with 
physical access at virtually any time.

What should I do to pinpoint the culprit, remove their installation (if I may call it that), and keep them out next 
time? Also, is there a way I can find dump files or something of the sort that will give me a history of what they have 
done while they had access to the victim laptop? Perhaps I could find records on their computer(s)? 

There are multiple computers in the house that all have access to the wireless network: 3 laptops and 1 desktop. 

Also, if it means anything, while pursuing this suspicion I noticed 2 extra randomly named networks within access range.
