If you want a quick overview of the processes and applications loaded into your PC's memory, including sniffers and hooks, look carefully at AATools Process Monitor (ProcMon).
AATools ProcMon is a useful tool for identifying hidden applications, killing running processes and managing the use of your PC's resources more effectively. At the very least, you will know what is currently running on your PC.
To determine whether your system has been compromised, run the Process Monitor utility from AATools to see the list of processes (applications and services) currently running on your computer. Check that every program is one you have approved and that no hidden application is running behind your back.
Be careful when ending a process. If you end an
application, you will lose unsaved data. If you end a system service, some part
of the system may not function properly.
Working with AATools ProcMon
The main window of Process Monitor contains four tables: Processes, Modules, Drivers and Services (Services only on Windows NT/2000/XP). The Processes table shows detailed information about each running process, the Modules list shows the modules used by the selected process, and the Drivers list shows all the drivers on your computer.
Processes
Shows all the processes currently running on your PC. The Processes frame is presented as a table with the following columns: Process (the process name), PID (the unique process ID), Modules (the number of modules used by the selected process), File version (the file version of the running process), Path (the full path to the program's executable file), Company (the name of the file manufacturer), Copyright, and Description (a short description of the running process).
Modules
Shows all the modules used by the selected process. The Modules frame is presented as a table with the following columns: Modules (the name of the selected module), File version (the file version of the running process), Path (the full path to the selected module), Company (the name of the module manufacturer), Copyright, and Description. If the selected process has no modules, this frame is not available.
Drivers
Shows all the drivers on your computer. The Drivers frame is presented as a table with the following columns: Driver (the name of the driver), ID (the unique ID of the driver), and Path (the full path to the driver).
Services
Using Services, you can start, stop, pause or resume services on local and remote computers, and configure startup and recovery options. You can also enable or disable services for a particular hardware profile. The Services frame is presented as a table with the following columns:
Name - shows the name of the appropriate service.
Path - shows a fully qualified path to the service binary file.
Status - shows the status of the appropriate service: started or stopped. When the
service is stopped the appropriate field is blank.
Startup Type - shows when the service is started:
AUTO START - a device driver or service started automatically by the service control manager during system startup.
BOOT START - a device driver started by the system loader.
DEMAND START - a device driver or service started by the service control manager.
DISABLED - a device driver or service that can no longer be started.
SYSTEM START - a device driver started by the IoInitSystem function.
Log On As - shows the name of the ordering group of which this service is a member.
Dependencies - shows names of services or load ordering groups that must start before
this service. Dependency on a service means that this service can only run if the
service it depends on is running. Dependency on a group means that this service can
run if at least one member of the group is running after an attempt to start all
members of the group.
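The advice above (check that every running program is approved, and review which services start automatically and from where) is easy to make repeatable once the Processes and Services tables are exported. The following is an added Python example, not code from AATools or from this page: it parses constructed snapshots shaped like the Processes and Services tables described above, compares each process name and path with an allow-list, and flags AUTO START services whose binary sits outside the usual program directories. The tab-separated export format, the BASELINE allow-list and the TRUSTED_PREFIXES directories are assumptions made for the example.

```python
# Added example (not AATools code): review a ProcMon-style process and
# service listing against an approved baseline and report anything unexpected.
from typing import Dict, List, Set, Tuple

# Constructed sample data with the same columns as the Processes table.
# Assumption: the table is exported as one tab-separated row per process.
PROCESS_SNAPSHOT = """\
Process\tPID\tModules\tFile version\tPath\tCompany\tCopyright\tDescription
explorer.exe\t1234\t87\t6.1.7601\tC:\\Windows\\explorer.exe\tMicrosoft Corporation\t(c) Microsoft\tWindows Explorer
svchost.exe\t812\t40\t6.1.7601\tC:\\Windows\\System32\\svchost.exe\tMicrosoft Corporation\t(c) Microsoft\tHost Process
svchost.exe\t4421\t12\t1.0.0.0\tC:\\Users\\Public\\svchost.exe\t\t\t
updater.exe\t5010\t9\t2.3.1\tC:\\Program Files\\Acme\\updater.exe\tAcme Ltd\t(c) Acme\tAcme Updater
"""

# Constructed sample data with the columns of the Services table.
SERVICE_SNAPSHOT = """\
Name\tPath\tStatus\tStartup Type
Spooler\tC:\\Windows\\System32\\spoolsv.exe\tstarted\tAUTO START
AcmeHelper\tC:\\Users\\Public\\helper.exe\tstarted\tAUTO START
OldAgent\tC:\\Program Files\\Old\\agent.exe\t\tDISABLED
"""

# Constructed allow-list (assumption): lower-case process name -> approved
# executable paths, as you would record them from a known-clean machine.
BASELINE: Dict[str, Set[str]] = {
    "explorer.exe": {"c:\\windows\\explorer.exe"},
    "svchost.exe": {"c:\\windows\\system32\\svchost.exe"},
}

# Directories from which an auto-started service binary is normally expected
# (assumption for the example; extend to match your own installation).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")


def parse_table(text: str) -> List[Dict[str, str]]:
    """Parse a tab-separated table whose first line is the column header."""
    lines = [line for line in text.splitlines() if line.strip()]
    header = lines[0].split("\t")
    rows = []
    for line in lines[1:]:
        fields = line.split("\t")
        # Pad short rows so that blank trailing columns still map to a key.
        fields += [""] * (len(header) - len(fields))
        rows.append(dict(zip(header, fields)))
    return rows


def review_processes(snapshot: str, baseline: Dict[str, Set[str]]) -> List[Tuple[int, str, str]]:
    """Return (PID, name, reason) for every process that is not on the
    baseline or whose executable path differs from the approved one."""
    findings = []
    for row in parse_table(snapshot):
        name = row["Process"].lower()
        path = row["Path"].lower()
        pid = int(row["PID"])
        approved = baseline.get(name)
        if approved is None:
            findings.append((pid, row["Process"], "not in baseline"))
        elif path not in approved:
            # Same name as an approved program but launched from elsewhere.
            findings.append((pid, row["Process"], "known name but unexpected path: " + row["Path"]))
    return findings


def review_services(snapshot: str) -> List[Tuple[str, str]]:
    """Return (service name, reason) for AUTO START services whose binary
    lives outside the trusted directories."""
    findings = []
    for row in parse_table(snapshot):
        path = row["Path"].lower()
        if row["Startup Type"] == "AUTO START" and not path.startswith(TRUSTED_PREFIXES):
            findings.append((row["Name"], "auto-start binary outside trusted directories: " + row["Path"]))
    return findings


if __name__ == "__main__":
    for finding in review_processes(PROCESS_SNAPSHOT, BASELINE):
        print("PROCESS", *finding)
    for finding in review_services(SERVICE_SNAPSHOT):
        print("SERVICE", *finding)
```

On the constructed data the review reports two processes (the second svchost.exe, running from C:\Users\Public instead of System32, and updater.exe, which has no baseline entry) and one service (AcmeHelper, auto-started from a user-writable folder). Matching on the full path rather than the name alone is the point: a process named like a system component but started from another location is exactly what a name-only check would miss.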