Skip to main content
When I ran the Webroot optimizer I got the "Functioning Devices" - Remote Desktop Device Redirector Bus   (Microsoft) System, Service: rdpbus, Status: 0180200B,  Teredo Tunneling Pseudo-Interface                 (Microsoft) Net, Service: tunnel, Status: 4180200B.  I know I have been hacked at one point and other times I got automated messages from Facebook saying that someone was trying to get into my profile.  Does this indicate that someone has remote access to my desktop?

 

Also I have a bunch of services running where the path starts as - "C:WindowsSystem32svchost.exe -k" ... NetworkService, LocalService, LocalSystemNetworkRestricted, LocalServicePeerNet, NetSvcs, netsvcs  - which all indicate some sort of monitoring 

 

Has anyone heard of Win32_Service.Name="LanmanWorkstation"  Description - Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.  Path name C:WindowsSystem32svchost.exe -k NetworkService



 

LanmanServer                                      %SystemRoot%system32svchost.exe -k netsvcs

LanmanWorkstation                                 %SystemRoot%System32svchost.exe -k NetworkServiceKtmRm                                             %SystemRoot%System32svchost.exe -k NetworkServiceAndNoImpersonation And then in google chrome I can't get a truely secure login - it has the yellow lock on next to the https:// and the message "Your connection to accounts.google.com is encrypted with 128-bit encryption.  However this page includes other resources which are not secure.  These resources can be viewed by others while in transit, and can be modified by an attacker to chang the look of the page.  the connection uses TLS 1.2.  The connection is encrypted and authenticated using AES_128_GCM and uses ECDHE_RSA as the key exchange mechanisim" Something was removed because I got the message:   Your post has been changed because invalid HTML was found in the message body. The invalid HTML has been removed. Please review the message and submit the message when you are satisfied. - I'm not sure what it was.

Can anyone help me? 
Hello and Welcome to the Webroot Community!

 

It's best if you Submit a Support Ticket so that they can look at your scan log and let you know what's happening.

 

Thanks,

 

Daniel 😉

Reply