Truth about Root Kits. On a Mac, the only way to hit the system is with elevated ROOT privilege access. These days post with the introduction of macOS Sierra, that even requires a password above Root User.
Even if these bozos had an Administrator user level access to this computer it is very doubtful they could have installed any administrator level software on it without the administrator password. . . or inducing the user himself to provide that password. From what the user said, the only time that would have been provided was when TeamViewer was being installed. . . and that would have been entered BEFORE TeamViewer was installed, so it could not have recorded it. Ergo, they did not get to see it. There is no recorded location on a Mac where that password is stored in a clear form, it is stored in a hashed version, so it cannot be merely found by someone looking for it and it is a one way hash, so having the hash cannot reverse calculate the get the password.
As I said, if the OS is the latest, then installing a Root Kit is really problematic.
I would strongly suggest removing the Teamview Software, and anything that may have been installed after it was installed. That's easy to do on a Mac. Also check for anthing added to the user's Login Items in System Preferences, and also check both the System Library and User Library for startup items that should not be there. If the libraries aren't showing, hold the Option Key while clicking on the User's Home folder and it will appear. Same with the Hard drive icon (you may have to chose Finder Preferences to show the HD Icons to open to the Root directory of the HD).
Thanks for pitching in, Sword. That is good news.