http://technet.microsoft.com/en-us/s.../bb842062.aspx

Process Explorer can show you a far more detailed view of running processes, including sub processes and PIDs.

You may also need to specifically run tasks such as netstat or Process Monitor as Administrator, by right clicking on the application (cmd.exe, procmon.exe) and selecting "Run as Administrator" in order to bypass UAC restrictions.

Once you have isolated the process, Process Monitor can be used to view in real time what the process is doing as far as registry or file system operations.