This is gonna be long so I apologize, but I wanted to explain exactly what the symptoms were and what I've done. I will say I am a pretty computer savvy person, and I only say that so you can understand I can generally debug things on my own.
So this starts back when I was using my previous computer. I installed TeamViewer so that I could access my laptop while on my phone. At one point, someone accessed my computer and tried to send themselves bitcoins from my btc-e account. Luckily they did not complete this process, but I was SUUUUUPER paranoid after this happened. I added two-factor authentication to all my emails and used Google Authenticator for my TeamViewer.
I thought I locked everything down, but I am not sure if the person who accessed my computer left any backdoors. I had eventually decided to get a new laptop, and figured that this would mostly resolve the issue. I still decided to keep TeamViewer on my computer. Yesterday I had left my laptop open, and went to the bathroom, and when I came back the startup screen for TeamViewer was up on my computer. This was an obvious red flag, but I wasn't sure if it was just TeamViewer updating. The first time the person connected (on my old computer), I was able to immediately tell since this screen was left open: https://www.gromichoafsystems.com/wp-content/uploads/2015/04/teamviwer-sponsored-session.png
That screen was not open this time though, so it might not be a related indicator and might just be me being super paranoid because of everything that had happened previously.
I am not really sure where to go from here to determine if someone is currently accessing my computer or not. I followed this person's guide on programs to install and run to check for infections: https://www.bleepingcomputer.com/forums/t/641523/spybot-rootkit-scan/?p=4195111
Here are all the logs from that guide:
Malwarebytes: http://pastebin.com/CLGGmq2N
Junkware Removal Tool: http://pastebin.com/TbpNrvxq
ESET Cleaner: (nothing found)
Also here is my TeamViewer log (trimmed to very recent): https://justpaste.it/148zm
I bolded the areas where the user might have connected to my comp. It was around 3/7/17 18:20
Here are the things that concern me:
2017/03/07 21:10:53.793 5536 9152 G1 VoIP: Sender: Initialzed
2017/03/07 21:10:53.793 5536 9152 G1 VoIP: Sender: Audio pipeline: AutoVoiceCapturerWinAll: Building pipeline started
2017/03/07 21:10:53.808 5536 9152 G1 VoIP: Sender: Audio pipeline: BasicVoiceCapturerUsingWindowsDMOInSourceModeAndSpeexNS: Init for devices: "Microphone Array (Realtek High Definition Audio)", "Speakers (Realtek High Definition Audio)"
2017/03/07 21:10:53.808 5536 9152 G1 VoIP: Sender: Audio pipeline: VoiceCaptureDMOSourceFilter: Init for devices: "Microphone Array (Realtek High Definition Audio)", "Speakers (Realtek High Definition Audio)"
2017/03/07 21:10:53.793 5536 5540 G1 AudioDriver: using rec dev 'Primary Sound Capture Driver', '' (prim), id -1
2017/03/07 21:10:55.687 5536 6596 G1 Camera: name = 'ATIV Real HD Camera', best Matching Video Format: size = 40, format = YUY2, width = 640, height = 480, bpp = 16, planes = 1, framesize = 614400, time per frame = 333333
Now that to me LOOKS LIKE someone listening to my audio and video!!! Maybe I'm wrong but that's what it looks like to me! Please help, and either tell me I am wrong or tell me how to make this go away permanently. (I will be uninstalling TeamViewer of course once this whole thing is figured out.)
Edited by Johng123, 07 March 2017 - 10:28 PM.