Windows – My webcam just came on “out of the blue”

rootkit, spyware, virus, webcam, windows 7

I have a Microsoft LifeCam HD sitting atop my monitor. Today, completely out of the blue, its light came on — I was simply browsing the web (in Chrome) when it happened. After about 5 minutes the webcam turned off.

Naturally, I immediately suspected my ex-wife (when in doubt, I always suspect her), but she isn't computer savvy enough.

I looked over the process list and didn't see anything suspicious. I am running a couple of open source projects and free apps (e.g., greenshot, powermenu, supertray), but I've had them for years. Autoruns reports nothing suspicious in the startup and neither does Windows Defender.

Anyways, what could it be? What should I look at next?

Best Answer

Process Explorer from Microsoft would be my next guess: http://technet.microsoft.com/en-us/sysinternals/bb896653. Once you have loaded it up, click View -> Lower Pane View -> Handles. Now when you click on each of the processes in the top pane, you get a report about all of the files and registry keys it has open. The keys are the important bit.

It can list lots of information about currently running processes, and although I don't know for sure if it will definitely tell which process has the webcam open, you might be able to gain hints. I just tried it for OneNote while recording a video, and for my LifeCam VX7000, it had this key open while recording a video, which is almost certainly the webcam (especially seeing as it disappeared once I stopped recording):

HKLM\SYSTEM\ControlSet001\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}\##?#USB#VID_045E&PID_0723&MI_00#8&27B22E96&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}\#GLOBAL\Device Parameters

I don't know what your device will appear as, but keep an eye out for processes which have HKLM\SYSTEM\ControlSet001\Control\DeviceClasses\ keys open, and look for keywords like "USB#VID" in there. Pressing Ctrl+F and searching for the string "USB#VID" should find processes with that key open.

If you want to find out exactly what your USB device is called to Windows, open Device Manager, find your webcam in there, double-click on it, then click the Details tab. In the drop-down box on that page, go to Hardware Ids, or check out some of the other details in that drop-down box, and see if you can match it up to a process in Process Explorer.

Edit: forgot to mention, this procedure only works while the process is still using the webcam (i.e. the light is still on).
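The matching step from the answer above, as an added example that is not part of the original answer: it takes the Hardware Ids string from Device Manager and a list of (process, PID, key) rows as read off Process Explorer's lower pane, and reports which processes hold a DeviceClasses key for that device. The rows, the PIDs and every process other than OneNote are constructed sample data; the row layout and function names are assumptions for illustration.

```python
import re

# Device-interface part of a DeviceClasses key, e.g.
# ...\Control\DeviceClasses\{GUID}\##?#USB#VID_045E&PID_0723&MI_00#<instance>#{GUID}
IFACE_RE = re.compile(
    r"\\Control\\DeviceClasses\\\{[0-9A-F-]{36}\}\\"
    r"##\?#USB#VID_(?P<vid>[0-9A-F]{4})&PID_(?P<pid>[0-9A-F]{4})"
    r"(?:&MI_(?P<mi>[0-9A-F]{2}))?#", re.IGNORECASE)
# Device Manager "Hardware Ids" value, with or without the REV and MI parts.
HWID_RE = re.compile(
    r"USB\\VID_(?P<vid>[0-9A-F]{4})&PID_(?P<pid>[0-9A-F]{4})"
    r"(?:&REV_[0-9A-F]{4})?(?:&MI_(?P<mi>[0-9A-F]{2}))?", re.IGNORECASE)

def device_id(match):
    """Return (vid, pid, mi) upper-cased; mi is None when absent."""
    return tuple(v.upper() if v else None for v in match.group("vid", "pid", "mi"))

def parse_hardware_id(hwid):
    m = HWID_RE.search(hwid)
    if not m:
        raise ValueError(f"not a USB hardware id: {hwid!r}")
    return device_id(m)

def holders(handle_rows, hwid):
    """Sorted (process, pid) pairs holding a DeviceClasses key for hwid."""
    want = parse_hardware_id(hwid)
    found = set()
    for proc, pid, key in handle_rows:
        m = IFACE_RE.search(key)
        if not m:
            continue  # not a USB device-interface key
        got = device_id(m)
        # VID/PID must match; the interface number only when both sides give one.
        if got[:2] == want[:2] and (None in (got[2], want[2]) or got[2] == want[2]):
            found.add((proc, pid))
    return sorted(found)

# Constructed rows. The first key is the one quoted in the answer; the PIDs
# and the other two rows are made up for the example.
SAMPLE_ROWS = [
    ("ONENOTE.EXE", 4312, r"HKLM\SYSTEM\ControlSet001\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}\##?#USB#VID_045E&PID_0723&MI_00#8&27B22E96&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}\#GLOBAL\Device Parameters"),
    ("chrome.exe", 2208, r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion"),
    ("svchost.exe", 1020, r"HKLM\SYSTEM\ControlSet001\Control\DeviceClasses\{a5dcbf10-6530-11d2-901f-00c04fb951ed}\##?#USB#VID_046D&PID_C52B#5&1A2B3C4D&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}\#\Device Parameters"),
]

if __name__ == "__main__":
    for proc, pid in holders(SAMPLE_ROWS, r"USB\VID_045E&PID_0723&REV_0100&MI_00"):
        print(f"{proc} (pid {pid}) has the webcam's device key open")
```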
