Friday, November 12, 2010

Process Monitor

Process Monitor is a Sysinternals tool that captures real-time file system, Registry, and process/thread activity. It combines, and replaces, RegMon and FileMon, two excellent older monitoring programs from Sysinternals.

It’s a great tool for troubleshooting your system and also for finding malware. Since Process Monitor shows exactly which files and registry keys a process touches as it happens, it’s ideal for seeing every file and registry entry added when installing a new program.
It also captures more detailed information about each process, such as image path, user, session ID, and command line.


It can be a bit intimidating at first: within seconds it loads thousands of entries, most of them routine activity from system processes. The advanced filters are how you find exactly what you are looking for.

In the Filter dialog, you can filter by Process Name, Event Class, PID, Session, User, Version, Time of Day, and many other things. The thousands of items that show up when Process Monitor is first opened can be reduced to a few hundred by configuring a filter to look at a specific process. Filters only change what is displayed; every event is still kept in the capture unless you turn on Drop Filtered Events on the Filter menu, so you can always relax the filter later and see what you excluded.
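As an added example (not code from the original post or from Sysinternals), here is how the installer capture described above can be scripted from PowerShell, with the same kind of rules the Filter dialog offers applied to Procmon’s CSV export instead of in the GUI. The file paths, the installer name and procmon.exe being on PATH are assumptions for the sake of the example.

```powershell
# Added example, not from the original post: capture an installer's file and
# Registry footprint with Process Monitor from PowerShell, then apply the same
# kind of rules the Filter dialog offers to the exported CSV.
# Assumptions (not from the page): procmon.exe is on PATH, the installer is
# C:\Temp\setup.exe, C:\Temp is writable, and this runs from an elevated prompt
# (Process Monitor needs administrator rights to load its driver).

$Procmon   = 'procmon.exe'
$Pml       = 'C:\Temp\install-capture.pml'
$Csv       = 'C:\Temp\install-capture.csv'
$Installer = 'C:\Temp\setup.exe'

# 1. Start capturing straight to a backing file, with no EULA or filter prompts.
Start-Process -FilePath $Procmon -ArgumentList '/AcceptEula', '/Quiet', '/Minimized', '/BackingFile', "`"$Pml`""
Start-Sleep -Seconds 5   # let the driver load before the installer starts

# 2. Run the installer to completion and remember its PID. Filtering on PID rather
#    than Process Name avoids picking up an unrelated setup.exe. Helpers the installer
#    spawns (msiexec.exe, for example) get their own PIDs: check Tools > Process Tree
#    in Procmon and add them to $WatchPids if you need their activity too.
$proc = Start-Process -FilePath $Installer -PassThru -Wait
$WatchPids = @($proc.Id)

# 3. Stop the capture, wait for Procmon to flush the backing file, then convert it to CSV.
Start-Process -FilePath $Procmon -ArgumentList '/Terminate' -Wait
Get-Process -Name 'Procmon*' -ErrorAction SilentlyContinue | Wait-Process
Start-Process -FilePath $Procmon -ArgumentList '/AcceptEula', '/Quiet', '/OpenLog', "`"$Pml`"", '/SaveAs', "`"$Csv`"" -Wait

# 4. Filter. This is the CSV equivalent of three Filter-dialog rules:
#    PID is <installer PID>, Result is SUCCESS, Operation is one of the write/create operations.
$WriteOps = 'CreateFile', 'WriteFile', 'RegCreateKey', 'RegSetValue'
$events = Import-Csv -Path $Csv | Where-Object {
    $WatchPids -contains [int]$_.PID -and
    $_.Result -eq 'SUCCESS' -and
    $WriteOps -contains $_.Operation
}

# CreateFile also fires for plain opens of existing files; keep only the ones whose
# Detail column reports that a new file was created.
$created = $events | Where-Object {
    $_.Operation -ne 'CreateFile' -or $_.Detail -match 'OpenResult:\s*Created'
}

# 5. One line per unique (Operation, Path): the installer's footprint.
$created |
    Sort-Object Operation, Path -Unique |
    Select-Object Operation, Path |
    Format-Table -AutoSize
```

The same three rules typed into the Filter dialog (PID is, Result is, Operation is) give the same view interactively; the script version is useful when you want the full, unfiltered .pml kept for later, since the CSV is only a filtered export of it.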

In short, Process Monitor is a valuable tool whenever you need to see exactly what a service is doing and what dependencies, if any, it has.
