This is what I came up with for scanning with PowerShell. I'm new to PowerShell so it might not be pretty but it works.
$hostName = hostname
$appFilePath = "C:\Windows\Temp\DLL_$hostName.csv"
$scanPath = 'C:\'
$exefile = "*.exe"
$dllFile = "*.dll"
The following creates a list of all DLLs and EXEs on c$:
$dll = dir -ErrorAction SilentlyContinue -Recurse -Path $scanPath -Include @($exefile, $dllFile)
The following looks at each file to see if it references MSXML4.dll. Takes about 30 mins on my 149gb of data:
$dll | Select-String "msxml4.dll" -ErrorAction SilentlyContinue | group $($_.name) | select name | export-csv -path $appFilePath
The output isn't formatted so you'll get something like:
C:\Windows\SysWOW64\migwiz\unbcl.dll:45:Cclass UnBCL::TimeSpan __thiscall UnBCL::TimeSpan::Add(const class UnBCL::TimeSpan &) constresult of TimeSpan additio..... and so on
unbcl.dll is on every machine I've scanned and it can be ignored. I think it's just looking for MSXML4.dll even if it's not on the machine.
You'll also get great stuff like this:
"C:\Users\USERX\Documents\Toad for Oracle 10.1 - R2 Commercial.exe:5045:File_Name=""msxml4.dll"" "
First of all, why are you even trying to remove a system file? Is there a specific reason for this? – Vinayak – 2014-08-23T14:13:44.527
1
The particular version contains a security problem that I would like to fix. Windows Update does not suggest anything. – Rolf – 2014-08-23T15:15:39.343
What's the new version? Do you have a link to a Technet memo on the security issue? – dsolimano – 2014-08-23T15:22:05.593
I found that this Windows 8 update for XML Core Services from https://technet.microsoft.com/library/security/ms13-jan helps to upgrade the version to 4.30.2117.0. Much better. – Rolf – 2014-08-23T15:34:12.560
3
That's the latest version but MSXML 4.0 SP3 has been unsupported since April 2014, so there will be no more security updates. http://support.microsoft.com/gp/msxmlannounce – David Marshall – 2014-08-23T15:40:14.760
1
@DavidMarshall: OK. But in that case it would still be good to know what program installed the file so that I can uninstall the program and tell the vendor that they distribute components with security flaws. – Rolf – 2014-08-23T15:45:31.560
Unfortunately, I don't know any easy way to do that other than renaming msxml4.dll and waiting for something to fail. – David Marshall – 2014-08-23T15:49:22.320
I had hoped that the registry contained dependency information between files and installed products. – Rolf – 2014-08-23T15:51:51.770
2
No. You can run a program like Dependency Walker http://www.dependencywalker.com/ against your third party applications if you don't have too many. – David Marshall – 2014-08-23T15:58:31.833
@Rolf For what it's worth, version 4.30.2117.0 is available as part of update KB2758694. Do you have that installed? – and31415 – 2014-08-23T20:15:47.883
@and31415 Yes, I installed it yesterday to remove the security problems in version 4.30.2100.0. Uninstalling the update does not remove the file. – Rolf – 2014-08-24T08:56:57.290
@DavidMarshall Good idea to use dependencywalker. I just have too many applications installed to go through them all. – Rolf – 2014-08-24T08:57:26.127
Open a command prompt as administrator and run the following command:
for /r "c:\" %G in (*.exe;*.dll) do @find /i "msxml4.dll" "%~fG" >nul 2>&1 && echo %~fG>>"c:\find.txt"
It's not perfect; certain instances could be overlooked, but it might give you some hints. – and31415 – 2014-08-24T09:27:16.887
@and31415: Interesting approach. It seems that I have very few dependencies. Thank you very much! Provide it as an answer, if you like, and I'll mark it as solved. – Rolf – 2014-08-24T18:46:31.330
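A byte-level variant of the file scans above, as an added example that is not code from any of the posters: it looks for the DLL name both as an ASCII string and as a UTF-16LE string, and writes one row per matching file instead of the raw matched line. The helper name `Test-FileReference` and the `$needle` variable are hypothetical, PowerShell 3.0 or later is assumed, and each file is read fully into memory.

```powershell
# Added example: inventory EXE/DLL files whose bytes contain a DLL name.
$scanPath    = 'C:\'
$needle      = 'msxml4.dll'
$appFilePath = "C:\Windows\Temp\DLL_${env:COMPUTERNAME}.csv"   # same naming pattern as the answer

function Test-FileReference {   # hypothetical helper name
    param([string]$Path, [string]$Needle)

    # Latin-1 maps every byte to exactly one character, so a regex can
    # search the raw bytes without any decoding loss.
    $latin1 = [System.Text.Encoding]::GetEncoding(28591)
    $text   = $latin1.GetString([System.IO.File]::ReadAllBytes($Path))

    # ASCII form: the name as-is. UTF-16LE form: each character followed by a NUL byte.
    $ascii = [regex]::Escape($Needle)
    $wide  = ($Needle.ToCharArray() |
              ForEach-Object { [regex]::Escape([string]$_) + '\x00' }) -join ''
    $opts  = [System.Text.RegularExpressions.RegexOptions]'IgnoreCase, CultureInvariant'

    [pscustomobject]@{
        Path  = $Path
        Ascii = [regex]::IsMatch($text, $ascii, $opts)
        Utf16 = [regex]::IsMatch($text, $wide,  $opts)
    }
}

Get-ChildItem -Path $scanPath -Recurse -File -Include '*.exe', '*.dll' -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -ne $needle } |            # skip the DLL itself
    ForEach-Object {
        try   { Test-FileReference -Path $_.FullName -Needle $needle }
        catch { }                                      # locked or unreadable file: skip it
    } |
    Where-Object { $_.Ascii -or $_.Utf16 } |
    Export-Csv -Path $appFilePath -NoTypeInformation
```

A hit only means the name appears somewhere in the file's bytes; it does not prove the file loads the DLL, so candidates still need checking with a tool such as Dependency Walker.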