What are these .log files in my Windows folder? (Win XP Pro SP 3)

[HF]

I find odd log files in my Windows folder and would like to know what they
are. Their filenames are imsins.log and iis6.log. They contain text that
makes me wonder what they are, for example...


iis6.log has stuff like

[6/16/2006 19:19:31] LogFile Open. [***** Search on FAIL/MessageBox keywords
for failures *****].
[6/16/2006 19:19:31] Initial thread locale=40b
[6/16/2006 19:19:31] returned from France fix with locale 40b
[6/16/2006 19:19:31] OC_PREINITIALIZE:[iis] End. Return=1 (OCFLAG_UNICODE)
[6/16/2006 19:19:31] OC_INIT_COMPONENT:[iis,(null)] Start.
[6/16/2006 19:19:31] OC_INIT_COMPONENT:15.9.2004 12:00:00 A_______
6.0.2600.2180: 6.0.2600.2180 (xpsp_sp2_rtm.040803-2158): x86:
C:\WINDOWS\system32\Setup\iis.dll
[6/16/2006 19:19:31] OC_INIT_COMPONENT:Set UnAttendFlag:OFF (File='')
[6/16/2006 19:19:31] OC_INIT_COMPONENT:CmdLine=setup -newsetup
[6/16/2006 19:19:31] OC_INIT_COMPONENTebugLevel=3.
[6/16/2006 19:19:31] OC_INIT_COMPONENTebugValidateHeap=1.
[6/16/2006 19:19:31] OC_INIT_COMPONENT:GlobalFastLoad=1.
[6/16/2006 19:19:31] OC_INIT_COMPONENT:SetInstallMode=IM_FRESH
[6/16/2006 19:19:31] OC_INIT_COMPONENT:CRegKey::QueryValue(): SourcePath Not
found. WARNING. code=0x2
[6/16/2006 19:19:31] OC_INIT_COMPONENT:Old InetPub='C:\Inetpub'. Does not
exist. we'll use the default. WARNING.
[6/16/2006 19:19:31] OC_INIT_COMPONENT:NTCurrentBuildNumber=2600
[6/16/2006 19:19:31] OC_INIT_COMPONENT:32768=C:\WINDOWS\system32\inetsrv
[6/16/2006 19:19:31] OC_INIT_COMPONENT:32769=C:\Inetpub\ftproot
[6/16/2006 19:19:31] OC_INIT_COMPONENT:32770=C:\Inetpub\wwwroot
[6/16/2006 19:19:31] OC_INIT_COMPONENT:32771=C:\Inetpub\iissamples
[6/16/2006 19:19:31] OC_INIT_COMPONENT:32772=C:\Inetpub\scripts
[6/16/2006 19:19:31] OC_INIT_COMPONENT:32773=C:\Inetpub

imsins.log has stuff like

[6/10/2009 13:13:56] LogFile Open.
[6/10/2009 13:13:56] Entering OCEntry; Component = <ims> (0)
[6/10/2009 13:13:56] Function = OC_PREINITIALIZE (0), Param1 = 00000003
(3), Param2 = 00000000 (00000000)
[6/10/2009 13:13:56] Leaving OCEntry. Return=1
[6/10/2009 13:13:56] Entering OCEntry; Component = <ims> (0)
[6/10/2009 13:13:56] Function = OC_INIT_COMPONENT (1), Param1 = 00000000
(0), Param2 = 00068F14 (00068F14)
[6/10/2009 13:13:56] No other SMTP servers detected, installing IMS.
[6/10/2009 13:13:56] Leaving OCEntry. Return=0


The files talk about IIS and SMTP servers, but as far as I know I don't have
any servers installed and definately didn't want to install any servers.

The created and modified dates on these files are interesting, too. Both
imsins.log and iis6.log seem to have a creation date the same as when I first
installed Windows on this comp, and the same modified date as my last Windows
update. So maybe they have something to do with Windows update, but I wanted
to find out.

If anyone can tell me what these files are and why they are on a system that
isn't supposed to have any IIS servers or SMTP mail servers, you'd make my
day. =) I'm running Win XP Pro SP3. Thanks!

(I already posted this in the Vista forum, but that was the wrong place for
it...)

 

[Leonard Grey]

Do what we do: Search the web, using the name of the log file as the
search term. Or right-click on the file and check its properties.
---
Leonard Grey
Errare humanum est

I find odd log files in my Windows folder and would like to know what they
are. Their filenames are imsins.log and iis6.log. They contain text that
makes me wonder what they are, for example...


iis6.log has stuff like

[6/16/2006 19:19:31] LogFile Open. [***** Search on FAIL/MessageBox keywords
for failures *****].
[6/16/2006 19:19:31] Initial thread locale=40b
[6/16/2006 19:19:31] returned from France fix with locale 40b
[6/16/2006 19:19:31] OC_PREINITIALIZE:[iis] End. Return=1 (OCFLAG_UNICODE)
[6/16/2006 19:19:31] OC_INIT_COMPONENT:[iis,(null)] Start.
[6/16/2006 19:19:31] OC_INIT_COMPONENT:15.9.2004 12:00:00 A_______
6.0.2600.2180: 6.0.2600.2180 (xpsp_sp2_rtm.040803-2158): x86:
C:\WINDOWS\system32\Setup\iis.dll
[6/16/2006 19:19:31] OC_INIT_COMPONENT:Set UnAttendFlag:OFF (File='')
[6/16/2006 19:19:31] OC_INIT_COMPONENT:CmdLine=setup -newsetup
[6/16/2006 19:19:31] OC_INIT_COMPONENTebugLevel=3.
[6/16/2006 19:19:31] OC_INIT_COMPONENTebugValidateHeap=1.
[6/16/2006 19:19:31] OC_INIT_COMPONENT:GlobalFastLoad=1.
[6/16/2006 19:19:31] OC_INIT_COMPONENT:SetInstallMode=IM_FRESH
[6/16/2006 19:19:31] OC_INIT_COMPONENT:CRegKey::QueryValue(): SourcePath Not
found. WARNING. code=0x2
[6/16/2006 19:19:31] OC_INIT_COMPONENT:Old InetPub='C:\Inetpub'. Does not
exist. we'll use the default. WARNING.
[6/16/2006 19:19:31] OC_INIT_COMPONENT:NTCurrentBuildNumber=2600
[6/16/2006 19:19:31] OC_INIT_COMPONENT:32768=C:\WINDOWS\system32\inetsrv
[6/16/2006 19:19:31] OC_INIT_COMPONENT:32769=C:\Inetpub\ftproot
[6/16/2006 19:19:31] OC_INIT_COMPONENT:32770=C:\Inetpub\wwwroot
[6/16/2006 19:19:31] OC_INIT_COMPONENT:32771=C:\Inetpub\iissamples
[6/16/2006 19:19:31] OC_INIT_COMPONENT:32772=C:\Inetpub\scripts
[6/16/2006 19:19:31] OC_INIT_COMPONENT:32773=C:\Inetpub

imsins.log has stuff like

[6/10/2009 13:13:56] LogFile Open.
[6/10/2009 13:13:56] Entering OCEntry; Component = <ims> (0)
[6/10/2009 13:13:56] Function = OC_PREINITIALIZE (0), Param1 = 00000003
(3), Param2 = 00000000 (00000000)
[6/10/2009 13:13:56] Leaving OCEntry. Return=1
[6/10/2009 13:13:56] Entering OCEntry; Component = <ims> (0)
[6/10/2009 13:13:56] Function = OC_INIT_COMPONENT (1), Param1 = 00000000
(0), Param2 = 00068F14 (00068F14)
[6/10/2009 13:13:56] No other SMTP servers detected, installing IMS.
[6/10/2009 13:13:56] Leaving OCEntry. Return=0


The files talk about IIS and SMTP servers, but as far as I know I don't have
any servers installed and definately didn't want to install any servers.

The created and modified dates on these files are interesting, too. Both
imsins.log and iis6.log seem to have a creation date the same as when I first
installed Windows on this comp, and the same modified date as my last Windows
update. So maybe they have something to do with Windows update, but I wanted
to find out.

If anyone can tell me what these files are and why they are on a system that
isn't supposed to have any IIS servers or SMTP mail servers, you'd make my
day. =) I'm running Win XP Pro SP3. Thanks!

(I already posted this in the Vista forum, but that was the wrong place for
it...)

 

[HF]

Do what we do: Search the web, using the name of the log file as the
search term. Or right-click on the file and check its properties.

Thanks.

That was the first thing I did. Usually Google does the trick for me. In
this case, I found nothing conclusive, just some people wondering what those
files are, and some references to those being actual IIS server logs.
Unfortunately I did not find a clear reply to what creates those files and
why, and do they mean a server of some kind is installed on the system. So, I
was hoping someone would know. Knowing beats guessing or searching Google. =)

The file properties tell me nothing interesting, except what I already wrote
about the created and modified dates.

 

[Dee]

--
XP Home Edition Version 2002 SP3
Norton Internet Security 2009

Thanks.

That was the first thing I did. Usually Google does the trick for me. In
this case, I found nothing conclusive, just some people wondering what those
files are, and some references to those being actual IIS server logs.
Unfortunately I did not find a clear reply to what creates those files and
why, and do they mean a server of some kind is installed on the system. So, I
was hoping someone would know. Knowing beats guessing or searching Google. =)

The file properties tell me nothing interesting, except what I already wrote
about the created and modified dates.

Hi HF
I searched on Microsoft's website and came up with the following results:

1.
http://search.microsoft.com/results.aspx?form=MSHOME&mkt=en-US&setlang=en-US&q=imsins.log

2.
http://search.microsoft.com/results.aspx?form=MSHOME&mkt=en-US&setlang=en-US&q=iis6.log

Click on these links. If not clickable, copy and paste onto address bar on
your browser.

I hope this helps. I usually search on Microsoft's website for Microsoft
products rather than another search engine.

 

[HF]

Hi HF
I searched on Microsoft's website and came up with the following results:

1.
http://search.microsoft.com/results.aspx?form=MSHOME&mkt=en-US&setlang=en-US&q=imsins.log

2.
http://search.microsoft.com/results.aspx?form=MSHOME&mkt=en-US&setlang=en-US&q=iis6.log

Click on these links. If not clickable, copy and paste onto address bar on
your browser.

I hope this helps. I usually search on Microsoft's website for Microsoft
products rather than another search engine.

Thanks, Dee! Searching Microsoft's site makes sense... I figure I'm a bit
too used to google things.

From those links, it looks like imsins.log and iis6.log are 'legit' files,
but I still couldn't find out if they are present only on systems with
servers installed. Do you guys have these files in your Windows folder, on
systems with no servers running, or is it just me? =O

 

[VanguardLH]

I find odd log files in my Windows folder ... Their filenames are
imsins.log and iis6.log.

The files talk about IIS and SMTP servers, but as far as I know I
don't have any servers installed ...

You do if, for example, you enabled web-shared folders (i.e., if you
use "Publish this folder to the Web").

and definately didn't want to install any servers.

But did you, anyway? Go to Add/Remove Programs and click on the
Add/Remove Windows Components button. Then check if you install the
IIS server.

 

[HF]

You do if, for example, you enabled web-shared folders (i.e., if you
use "Publish this folder to the Web").


But did you, anyway? Go to Add/Remove Programs and click on the
Add/Remove Windows Components button. Then check if you install the
IIS server.

Thanks!

I have not enabled web-shared folders. I don't know if Windows has done
something like that itself, without me noticing it, but I know I haven't done
it. So as far as I know I haven't any web-shared folders here.

As far as I know, I also haven't installed servers. I have previously looked
in Add/Remove Programs, and just doublechecked due to your advice, and I do
not see IIS or Internet Information Server or anything like that listed
there. In fact I don't see anything that contains the word Server in there.

That's why I'm pretty puzzled by these log files. I take it that you guys
don't have log files like these in your Windows folder, or do have them but
that's because you're running IIS or something like that?

 

[VanguardLH]

I have not enabled web-shared folders. I don't know if Windows has done
something like that itself, without me noticing it, but I know I haven't done
it. So as far as I know I haven't any web-shared folders here.

As far as I know, I also haven't installed servers. I have previously looked
in Add/Remove Programs,

Okay, so did you then go look at Windows components as mentioned above?

and just doublechecked due to your advice, and I do
not see IIS or Internet Information Server or anything like that listed
there. In fact I don't see anything that contains the word Server in there.

IIS will be listed whether it is enabled (installed) or disabled (not
installed).

 

[HF]

Okay, so did you then go look at Windows components as mentioned above?


IIS will be listed whether it is enabled (installed) or disabled (not
installed).

Whoops. I checked only Add Remove Programs, but neglected to check the
Windows Components part. Apparently I can't read. Sorry!

I have now checked the Windows Components part of Add / Remove Programs, and
you're right, there is an "Internet Information Services" in the list. The
checkbox in front of it is empty. I figure that means IIS is not installed
and that's how I like it. Which leads me back to wondering what the iis6.log
and imsins.log files are. That may be a stupid question, though, as I really
don't know much of anything about how IIS works or what Windows Update does
precisely, except that it installs patches.

 

[Jim]

Whoops. I checked only Add Remove Programs, but neglected to check the
Windows Components part. Apparently I can't read. Sorry!

I have now checked the Windows Components part of Add / Remove Programs,
and
you're right, there is an "Internet Information Services" in the list. The
checkbox in front of it is empty. I figure that means IIS is not installed
and that's how I like it. Which leads me back to wondering what the
iis6.log
and imsins.log files are. That may be a stupid question, though, as I
really
don't know much of anything about how IIS works or what Windows Update
does
precisely, except that it installs patches.

The logs seem to show that the install program discovered that nothing
should be installed. And so, it aborted installation.
Jim

 

[VanguardLH]

Whoops. I checked only Add Remove Programs, but neglected to check the
Windows Components part. Apparently I can't read. Sorry!

I have now checked the Windows Components part of Add / Remove Programs, and
you're right, there is an "Internet Information Services" in the list. The
checkbox in front of it is empty. I figure that means IIS is not installed
and that's how I like it. Which leads me back to wondering what the iis6.log
and imsins.log files are. That may be a stupid question, though, as I really
don't know much of anything about how IIS works or what Windows Update does
precisely, except that it installs patches.

That the IIS *service* isn't running doesn't mean some of its components
cannot be used by other programs. That a Windows component isn't
"installed" doesn't mean all of its files are absent. I don't know
which ones would be those other programs but the iis6.log file does
seems to get touched occasionally. For example, a service may have a
dependency on the IIS service but not necessarily fail because the IIS
service is not installed. Whatever is touching the iis6.log file seems
to be so infrequent that I've not seen anything touching it when using
SysInternals' FileMon utility to see what might touch that file.

 

[HF]

That the IIS *service* isn't running doesn't mean some of its components
cannot be used by other programs. That a Windows component isn't
"installed" doesn't mean all of its files are absent. I don't know
which ones would be those other programs but the iis6.log file does
seems to get touched occasionally. For example, a service may have a
dependency on the IIS service but not necessarily fail because the IIS
service is not installed. Whatever is touching the iis6.log file seems
to be so infrequent that I've not seen anything touching it when using
SysInternals' FileMon utility to see what might touch that file.

Interestingly, I just checked the iis6.log and imsins.log again, and guess
what. Both have been modified at the exact moment I opened Add / Remove
Programs and Add / Remove Windows Components. I tried again to confirm: I
opened Add / Remove Windows Components, and then closed it, and sure enough,
iis6.log and imsins.log are immediately updated. It looks like a file called
sysocmgr.exe is editing those log files, and that looks to be the System
Optional Component Manager. I even found references to this file in the
iis6.log, like so:

OC_INIT_COMPONENT:CmdLine="C:\WINDOWS\system32\sysocmgr.exe" /y
/i:C:\WINDOWS\system32\sysoc.inf

At the very end of the iis6.log file, there are these lines:

OC_CLEANUP:Final Check:=======================
OC_CLEANUP:Final Check:OC_PREINITIALIZE Called=1
OC_CLEANUP:Final Check:OC_INIT_COMPONENT Called=1
OC_CLEANUP:Final Check:OC_SET_LANGUAGE Called=0
OC_CLEANUP:Final Check:OC_QUERY_IMAGE Called=1
OC_CLEANUP:Final Check:OC_REQUEST_PAGES Called=0
OC_CLEANUP:Final Check:OC_WIZARD_CREATED Called=1
OC_CLEANUP:Final Check:OC_QUERY_STATE Called=1
OC_CLEANUP:Final Check:OC_QUERY_CHANGE_SEL_STATE Called=0
OC_CLEANUP:Final Check:OC_QUERY_SKIP_PAGE Called=0
OC_CLEANUP:Final Check:OC_CALC_DISK_SPACE Called=0
OC_CLEANUP:Final Check:OC_QUEUE_FILE_OPS Called=0
OC_CLEANUP:Final Check:OC_NEED_MEDIA Called=0
OC_CLEANUP:Final Check:OC_NOTIFICATION_FROM_QUEUE Called=0
OC_CLEANUP:Final Check:OC_QUERY_STEP_COUNT Called=0
OC_CLEANUP:Final Check:OC_ABOUT_TO_COMMIT_QUEUE Called=0
OC_CLEANUP:Final Check:OC_FILE_BUSY Called=0
OC_CLEANUP:Final Check:OC_COMPLETE_INSTALLATION Called=0
OC_CLEANUP:Final Check:OC_CLEANUP Called=1
OC_CLEANUP:Final Check:OC_DEFAULT Called=1
OC_CLEANUP:Final Check:RtlValidateHeap(): Good.
OC_CLEANUP:Final Check:LogFile Close.

And then I just read through the whole log, and found lots of references
like this:

OC_INIT_COMPONENT:CmdLine=update\update.exe -q -z -er
/ParentInfo:360cadfab554714d86a208859c91a586

I figure update.exe means the Windows patches, so I guess this confirms that
Windows update and Add / Remove Components are the ones that edit these log
files. I googled around for how to detect a running IIS server, and there
were many references to look for a registry key
HKLM\Software\Microsoft\InetStp to confirm that IIS is installed. No such key
exists here, so I figure that means IIS is not installed, and like you said,
something else (Windows update and Add / Remove Windows Components, it seems)
is just using components of IIS to do its thing and then logs this in the two
log files. I guess that explains why iis6.log and imsins.log are on this
machine. I guess that also means they should be present on every Windows
machine that uses Windows update. Thanks all. =)

 

[Gordon]

Dee wrote:
<nothing - posts stripped out>

Hi - if you are going to use a signature please place it UNDER your
reply as any good newsreader will strip everything out under the
signature delimiter....just like this has done.

 

[Nate Grossman]

Dee wrote:
<nothing - posts stripped out>

Hi - if you are going to use a signature please place it UNDER your
reply as any good newsreader will strip everything out under the
signature delimiter....just like this has done.

Agent is a good newsreader... and if I want to include all of a post,
I merely highlight the entire post before choosing to reply.

Any good newsreader should have that capability available for any
knowledgeable user who knows about the delimiter and who isn't too
lazy to use a work around.

 

[VanguardLH]

sysocmgr.exe

That is the System Components manager program. In fact, there are
tricks where you edit its sysocmgr.inf file to make normally hidden
items unhidden so you can manipulate them with the manager program. As
I recall, I had to change a value for the msmsgs entry (Windows
Messenger, a precursor to MS Messenger and then Windows Live Messenger)
to 7 so it would appear in the Add/Remove Windows Components list so I
could then uninstall it (rather than just disable it inside of, say,
Outlook or OE).

When I used Add/Remove Windows Components, the iis6.log file got
updated. However, upon redoing that applet, the file didn't get touched
again. So it must only periodically have to check the state of the
component installs or I drilled down to a certain point that made it
cause an update.

http://support.microsoft.com/kb/222444