There is a very old hack out there that enables logging for the advpack.dll and IEAdvpack.dll DLLs. Many of their functions include logging, so enabling it may help to pick up some old-school forensic logs. Of course, its value today is super low, but it's an interesting feature nevertheless, and in a way similar to the WinHTTP logging I covered in the past.
To enable this feature we simply add this Registry entry:
HKLM\SOFTWARE\Microsoft\Advanced INF Setup
AdvpackLogFile=c:\test\log.txt
To test it, we can run these 2 commands:
rundll32.exe advpack.dll,RegisterOCX calc.exe
rundll32.exe IEAdvpack.dll,RegisterOCX calc.exe
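The same steps as one PowerShell script, added here as an example and not part of the original post: it records any existing AdvpackLogFile value, enables the logging, runs the two test commands, shows the log and then restores the previous state. It assumes an elevated prompt on a test machine, that the value is a REG_SZ string and that the log directory has to exist beforehand; the 10-second wait and the restore step are also additions.

```powershell
# Added example: enable advpack logging, exercise it, read the log, then restore.
# Run elevated (writes under HKLM) and on a test machine only.
$key     = 'HKLM:\SOFTWARE\Microsoft\Advanced INF Setup'
$name    = 'AdvpackLogFile'
$logFile = 'c:\test\log.txt'

# Record what was there before, so the change can be reverted and so an
# already-present value (someone else enabled logging) is noticed.
$keyExisted = Test-Path $key
$previous   = $null
if ($keyExisted) {
    $previous = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
}
if ($previous) { Write-Host "Existing $name value: $previous" }

# Assumption: the DLLs do not create the target directory themselves.
$logDir = Split-Path -Parent $logFile
if (-not (Test-Path $logDir)) { New-Item -ItemType Directory -Path $logDir | Out-Null }

# Assumption: the value type is REG_SZ (the post does not state it).
if (-not $keyExisted) { New-Item -Path $key -Force | Out-Null }
New-ItemProperty -Path $key -Name $name -Value $logFile -PropertyType String -Force | Out-Null

# The two test commands from the post, one per DLL.
foreach ($dll in 'advpack.dll', 'IEAdvpack.dll') {
    $p = Start-Process -FilePath 'rundll32.exe' `
                       -ArgumentList "$dll,RegisterOCX calc.exe" -PassThru
    # Bounded wait so the script continues even if rundll32 stays open.
    [void]$p.WaitForExit(10000)
}

# Show whatever was logged.
if (Test-Path $logFile) {
    Get-Content -Path $logFile
} else {
    Write-Warning "No log written to $logFile"
}

# Restore the previous state.
if ($previous) {
    Set-ItemProperty -Path $key -Name $name -Value $previous
} else {
    Remove-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if (-not $keyExisted) { Remove-Item -Path $key -ErrorAction SilentlyContinue }
}
```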
The results will look as follows: