How to tell what is changing a windows environment variable

I have a (win8) system where, each time it is rebooted, something is modifying the HOME environment variable.

This is causing problems, and I want to track down what is modifying it.

Is there any way to tell what is modifying that environment variable?

Monitoring when registry keys are modified:

What we need to do is:

1.   Run the following command from Command Prompt:
   
    auditpol /set /subcategory:"Registry" /success:enable
   

Note: if the OS has a different language pack, the name Registry might differ. For instance, on a German Windows, the name is Registrierung. To see what the name of the subcategory is you can run:

auditpol /list /subcategory:*

2.   Open Registry Editor and navigate to the key which we want to audit 
   

• User Variables: HKEY_CURRENT_USER\Environment
• System Variables (PATH is a system variable): HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\

3.   Right-click on the key and choose `Permissions…`
   

4.   Click `Advanced` and switch to the `Auditing` tab
   

5.   Add a user or group and select Access: Set Value
   

6.   Apply settings
   

Now the registry changes are visible in the Event Viewer under Windows Logs\Security: