Sysinternals has made available a great new tool called Procmon that combines the features of two older Sysinternals utilities: Filemon and Regmon, and adds much more. You can use this tool to monitor very closely what's happening on a system, as it happens.
"Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. Process Monitor adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit."