in reply to Monitoring Windows Registry Changes
I'd play with Win32::TieRegistry, especially the
$key->RegNotifyChangeKeyValue( $bWatchSubtree, $iNotifyFilter, $hEvent, $bAsync );
You could also turn Auditing on the registry and montitor the Event Logs, hopefully leveraging any existing Event Log Security monitoring you may have (using Win32::EventLog, of course :)
c-era has good suggestions. The only thing I can add is you could run the monitor via mstask (scheduler).