If you want to know which application creates or modifies which registry keys, you need a monitoring tool that looks behind the of the operating system and makes registry access transparent. This feature may be useful for tracking the behavior of certain applications or potential spyware and find the registry changes happened.
Microsoft offers a free tool which runs on both Windows XP and Vista. Check it out,
Process Monitor – Track real time changes in process activities, registry, file system.
After downloading the file, unzip it into a folder and run the extracted file ‘procmon.exe’. If you are using Windows Vista, the operating system will request you to authorize the execution through the administrator account.
The latest entries are the programs at the lower end of the list. Hence, if you want to track the most recent activities, the easiest way is to activate the Auto scroll option from the Edit menu.
The ‘Show Registry Activity’, ‘Show File System Activity’ and ‘Show Process and Thread Activity’ buttons on the toolbar toggle the display of the three monitored areas (Registry, file system and processes). You can thus concentrate only on those activities that are of interest to you.
Using filters, you can choose to display or hide processes based on parameters such as process name, description, user, and so on. For example, you can choose to display only those entries created by a specific program.