2
A program has installed c:/windows/syswow64/msxml4.dll on my hard drive. Sadly this is an old version (4.30.2100.0) with a security problem therefore I really wants to remove the file and the program that installed it.
MSXML4 is not in the list of programs that I can uninstall under "Programs and features". Is there a way to find the program that installed it in windows 8.1?
Hope some of you can help.
Rolf
Posted 2014-08-23T13:38:32.027
Reputation: 143
4
As suggested by @DavidMarshall, you could use Dependency Walker:
Dependency Walker is a free utility that scans any 32-bit or 64-bit Windows module (exe, dll, ocx, sys, etc.) and builds a hierarchical tree diagram of all dependent modules. For each module found, it lists all the functions that are exported by that module, and which of those functions are actually being called by other modules.
If you have many programs, however, going through all of them is unfeasible. A different approach is to open an elevated command prompt, and run the following command:
type nul>"%temp%\find.txt" & for /r "%systemdrive%\" %G in (*.exe;*.dll) do @find /i "msxml4.dll" "%~fG" >nul 2>&1 && echo %~fG>>"%temp%\find.txt"
What the command does is to recursively scan the content of every application and library file available in the system drive looking for msxml4.dll strings, in a case-insensitive way.
The results are stored in a find.txt file located in the user temporary folder. It's not perfect (see below), but it might give you some hints.
The find command is designed for text files. While it also works for binary files, certain instances could be overlooked depending how they're stored. File permissions might prevent certain files from being scanned, too.
In case you have programs which aren't installed in the system drive you can re-run the command above and specify the corresponding drive letter.
You could include other extensions, such as:
.cpl = Control panel item
.ocx = ActiveX control
.scr = Screen saver
.sys = System file (e.g. device drivers)
and31415
Posted 2014-08-23T13:38:32.027
Reputation: 13 382
2
This is what I came up with for scanning with powershell. I'm new to powershell so it might not be pretty but it works.
$hostName = hostname
$appFilePath = "C:\Windows\Temp\DLL_$hostName.csv"
$scanPath = 'C:\'
$exefile = "*.exe"
$dllFile = "*.dll"
The following creates list of all DLLs and EXEs on c$:
$dll = dir -ErrorAction SilentlyContinue -Recurse -Path $scanPath -Include @($exefile, $dllFile)
The following looks at each file to see if it references MSXML4.dll. Takes about 30 mins on my 149gb of data:
$dll | Select-String "msxml4.dll" -ErrorAction SilentlyContinue | group $($_.name) | select name | export-csv -path $appFilePath`
The output isn't formatted so you'll get something like:
C:\Windows\SysWOW64\migwiz\unbcl.dll:45:Cclass UnBCL::TimeSpan __thiscall UnBCL::TimeSpan::Add(const class UnBCL::TimeSpan &) constresult of TimeSpan additio..... and so on
unbcl.dll is on every machine I've scanned and it can be ignored. I think it's just looking for MSXML4.dll even if it's not on the machine.
You'll also get great stuff like this:
"C:\Users\USERX\Documents\Toad for Oracle 10.1 - R2 Commercial.exe:5045:File_Name=""msxml4.dll"" "
Robert S
Posted 2014-08-23T13:38:32.027
Reputation: 21
0
A better scan would be adding windows\system32 and/or windows\syswow64
For example:
type
nul>"%temp%\find.txt" & for /r "%systemdrive%\windows\syswow64" %G in (*.exe;*.dll) do @find /i "msxml4.dll" "%~fG" >nul 2>&1 && echo %~fG>>"%temp%\find.txt"
fellowadmin
Posted 2014-08-23T13:38:32.027
Reputation: 1
What does this do? What can they do after this is run to fix the problem? – Canadian Luke – 2014-08-27T21:34:09.447
It just help identify the applications that still uses msxml4.dll. You then have the choise to uninstall the application or ask the vendor to upgrade their product to use a later version. – Rolf – 2014-08-28T09:15:59.220
Scanning %ProgramFiles% and %ProgramFiles(x86)% might be more useful in this case. – David Marshall – 2014-09-02T13:08:09.197
First of all, why are you even trying to remove a system file? Is there a specific reason for this? – Vinayak – 2014-08-23T14:13:44.527
1The particular version contain a security problem that I would like to fix. Windows update does not suggest anything. – Rolf – 2014-08-23T15:15:39.343
What's the new version? Do you have a link to a Technet memo on the security issue? – dsolimano – 2014-08-23T15:22:05.593
I found that this windows 8 update for XML Core Services from https://technet.microsoft.com/library/security/ms13-jan help to upgrade the version to 4.30.2117.0. Much better.
– Rolf – 2014-08-23T15:34:12.5603
That's the latest version but MSXML 4.0 SP3 has been unsupported since April 2014, so there will be no more security updates. http://support.microsoft.com/gp/msxmlannounce
– David Marshall – 2014-08-23T15:40:14.7601@DavidMarshall: OK. But in that case it would still be good to know what program installed the file so that I can uninstall the program and tell the vendor that they distribute components with security flaws. – Rolf – 2014-08-23T15:45:31.560
Unfortunately, I don't know any easy way to do that other than renaming msxml4.dll and waiting for something to fail. – David Marshall – 2014-08-23T15:49:22.320
I had hoped that the registry contained dependency information between files and installed products. – Rolf – 2014-08-23T15:51:51.770
2
No. You can run a program like Dependency Walker http://www.dependencywalker.com/ against your third party applications if you don't have too many.
– David Marshall – 2014-08-23T15:58:31.833@Rolf For what is worth, version
– and31415 – 2014-08-23T20:15:47.8834.30.2117.0is available as part of update KB2758694. Do you have that installed?@and31415 Yes, I installed it yesterday to remove the security problems in version 4.30.2100.0. Uninstalling the update does not remove the file. – Rolf – 2014-08-24T08:56:57.290
@DavidMarshall Good idea to use dependencywalker. I just have to many applications installed to go though them all. – Rolf – 2014-08-24T08:57:26.127
Open a command prompt as administrator and run the following command:
for /r "c:\" %G in (*.exe;*.dll) do @find /i "msxml4.dll" "%~fG" >nul 2>&1 && echo %~fG>>"c:\find.txt"It's not perfect; certain instances could be overlooked, but it might give you some hints. – and31415 – 2014-08-24T09:27:16.887@and31415: Interesting approach. It seems that I have very few dependencies. Thank you very much! Provide it as an answer, if you like, and I mark it as solved. – Rolf – 2014-08-24T18:46:31.330