# Solved: Windows script file error



## gregory8391 (Aug 18, 2014)

I am regularly getting a pop up message saying Windows cannot find a script file. It doesn't appear to stop anything working but is most annoying. Does anyone know how to stop it appearing and what causes it?


----------



## Macboatmaster (Jan 15, 2010)

which script file please
the message usually is - for example

"Can not find script file AND then usually the indicated reference to the file it cannot find

such as here


> "Can not find script file c:\windows\temp\vaio care rescue tool.vbs"


----------



## gregory8391 (Aug 18, 2014)

Will let you know when it comes up again.


----------



## Macboatmaster (Jan 15, 2010)

OK then we should be able to make some progress


----------



## gregory8391 (Aug 18, 2014)

Cannot find script file c:/ProgramData\{F95e119D-A9DC-C01B-185A-B099C8D86317}\1.9.3.1\fiber.js". Hope this helps.


----------



## gregory8391 (Aug 18, 2014)

Just by chance found the above file put in my virus vault by AVG. Have now restored it and will see if the box reappears.


----------



## Macboatmaster (Jan 15, 2010)

That was the wrong move
The file is connected with adware usually acquired from some free download of other software
The adware usually produces adverts for coupons to use - usually useless - on various sites for purchases or other advertising pop ups on your browser

Check programs and features in control panel
do you have listed any programs you do not recognise could be named 
*Binkiland, Jamenize, Omniboxes or Taplika* and *WSE_Binkiland, WSE_Jamenize, WSE_Omniboxes or WSE_Taplika*.

or some similar title - they may not be there as AVG may have detected and removed some aspects but left some, resulting in the script error


----------



## gregory8391 (Aug 18, 2014)

I thought it would be OK as it was windows that was trying to find the file.I have no programmes with any of the names you mentioned. What is my best option now? Haven't had the box again so far.


----------



## Macboatmaster (Jan 15, 2010)

Windows was trying to find it because there is some element of the adware left
AVG had put it in the virus vault because it detected it as adware

It is not now trying to find it as you have restored it from the virus vault

Download the FREE malwarebytes, even although you are downloading the FREE one you still have to opt OUT of the offer of the 30 day trial of the paid for edition in the install process
It is most important that you ensure you do opt out of this
Here is the download
http://www.malwarebytes.org/mwb-download/
the right hand column download

When you have it installed run a scan and then allow it to clean
then on the GUI - the Guided user interface click the history tab then on the left click the application logs open the log from the scan and click to copy and then paste the log to your reply


----------



## gregory8391 (Aug 18, 2014)

Scan completed. During the scan AVG did a scheduled scan and returned the offending file to the virus vault

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 24/04/2015
Scan Time: 15:50:42
Logfile: 
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.04.24.03
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Richard

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 352555
Time Elapsed: 45 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 9
PUP.Optional.Binkiland.A, HKLM\SOFTWARE\CLASSES\APPID\{a5bbb804-8009-4246-bed3-2d3335981ef6}, Quarantined, [194a6a065139bf77a7d87dc1a85b4eb2], 
PUP.Optional.Binkiland.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{A5BBB804-8009-4246-BED3-2D3335981EF6}, Quarantined, [194a6a065139bf77a7d87dc1a85b4eb2], 
PUP.Optional.Binkiland.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{A5BBB804-8009-4246-BED3-2D3335981EF6}, Quarantined, [194a6a065139bf77a7d87dc1a85b4eb2], 
PUP.Optional.Spigot, HKU\S-1-5-21-4260570457-546793334-1600268378-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{3A787631-66A2-4634-B928-A37E73B58FB6}, Quarantined, [88dbde92ed9d86b046c1c605f40d11ef], 
PUP.Optional.Binkiland.C, HKLM\SOFTWARE\CLASSES\APPID\{A5BBB804-8009-4246-BED3-2D3335981EF6}\INSTL\DATA, Quarantined, [243ff47ca8e2fc3abb9b8043a85bea16], 
PUP.Optional.Binkiland.C, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{A5BBB804-8009-4246-BED3-2D3335981EF6}\INSTL\DATA, Quarantined, [8fd429470189290ded69ecd7fb08dc24], 
PUP.Optional.Binkiland.C, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{A5BBB804-8009-4246-BED3-2D3335981EF6}\INSTL\DATA, Quarantined, [fc67a1cf7e0c5fd7520418ab27dcfe02], 
PUP.Optional.Binkiland.A, HKU\S-1-5-21-4260570457-546793334-1600268378-1001\SOFTWARE\wse_binkiland, Quarantined, [68fb462ac0caa492866ee86a798c8c74], 
PUP.Optional.BrowserExtensions.A, HKU\S-1-5-21-4260570457-546793334-1600268378-1001\SOFTWARE\APPDATALOW\SOFTWARE\BROWSER EXTENSIONS, Quarantined, [fa6982eeb3d71a1c77ca10c8a16248b8],

Registry Values: 12
PUP.Optional.Spigot.SID, HKU\S-1-5-21-4260570457-546793334-1600268378-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Browser Extensions, "C:\Users\Richard\AppData\Roaming\Browser Extensions\CouponsHelper.exe", Quarantined, [77ec353b2c5eff37b56b340e4abc14ec]
PUP.Optional.Binkiland.C, HKLM\SOFTWARE\CLASSES\APPID\{a5bbb804-8009-4246-bed3-2d3335981ef6}\INSTL\DATA|tlbrSrchUrl, http://binkiland.com/?f=3&a=bnk_dnl...yDzztD0CtAyCzy0D0D0DyC2Q&cr=1302301819&ir=&q=, Quarantined, [243ff47ca8e2fc3abb9b8043a85bea16]
PUP.Optional.Binkiland.C, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{a5bbb804-8009-4246-bed3-2d3335981ef6}\INSTL\DATA|tlbrSrchUrl, http://binkiland.com/?f=3&a=bnk_dnl...yDzztD0CtAyCzy0D0D0DyC2Q&cr=1302301819&ir=&q=, Quarantined, [8fd429470189290ded69ecd7fb08dc24]
PUP.Optional.Binkiland.C, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{a5bbb804-8009-4246-bed3-2d3335981ef6}\INSTL\DATA|tlbrSrchUrl, http://binkiland.com/?f=3&a=bnk_dnl...yDzztD0CtAyCzy0D0D0DyC2Q&cr=1302301819&ir=&q=, Quarantined, [fc67a1cf7e0c5fd7520418ab27dcfe02]
PUP.Optional.Binkiland.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Binkiland\\, Quarantined, [d88bb3bd3357c27476ea982ba95a0000]
PUP.Optional.BrowserExtensions.A, HKU\S-1-5-21-4260570457-546793334-1600268378-1001\SOFTWARE\APPDATALOW\SOFTWARE\BROWSER EXTENSIONS|SS_Ver, 2.0, Quarantined, [fa6982eeb3d71a1c77ca10c8a16248b8]
PUP.Optional.Spigot.A, HKU\S-1-5-21-4260570457-546793334-1600268378-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}|URL, https://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=201117&p={searchTerms}, Quarantined, [f073fe72a6e4ed49f735d6efb84b60a0]
PUP.Optional.Binkiland.A, HKU\S-1-5-21-4260570457-546793334-1600268378-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{46D88CED-9BB6-404A-A886-4A06CBE20CCA}|URL, http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_dnldwz_15_13&cd=2XzuyEtN2Y1L1Qzu0EtDtA0FyEzy0Czy0D0ByEtC0A0EyDtDtN0D0Tzu0StCtCyBzytN1L2XzutAtFzztFtAtFtCtN1L1CzutCyEtBzytDyD1V1BtBtN1L1G1B1V1N2Y1L1Qzu2SyDtCtDzy0CyDtBtCtG0A0F0C0CtG0CyCyD0EtG0AyCtCyDtGtD0CtCyCtCyEyE0FzztB0C0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0CyByE0F0F0CzztGzz0C0AyEtGyEtAtA0CtG0AyCyB0BtG0CyDzztD0CtAyCzy0D0D0DyC2Q&cr=1302301819&ir=, Quarantined, [94cf125e0c7e3600a3a9ccfa1fe4a15f]
PUP.Optional.Binkiland.A, HKU\S-1-5-21-4260570457-546793334-1600268378-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{46D88CED-9BB6-404A-A886-4A06CBE20CCA}|TopResultURLFallback, http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_dnldwz_15_13&cd=2XzuyEtN2Y1L1Qzu0EtDtA0FyEzy0Czy0D0ByEtC0A0EyDtDtN0D0Tzu0StCtCyBzytN1L2XzutAtFzztFtAtFtCtN1L1CzutCyEtBzytDyD1V1BtBtN1L1G1B1V1N2Y1L1Qzu2SyDtCtDzy0CyDtBtCtG0A0F0C0CtG0CyCyD0EtG0AyCtCyDtGtD0CtCyCtCyEyE0FzztB0C0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0CyByE0F0F0CzztGzz0C0AyEtGyEtAtA0CtG0AyCyB0BtG0CyDzztD0CtAyCzy0D0D0DyC2Q&cr=1302301819&ir=, Quarantined, [cb9891dfc3c7a492da72fbcbef140df3]
PUP.Optional.Binkiland.A, HKU\S-1-5-21-4260570457-546793334-1600268378-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{46D88CED-9BB6-404A-A886-4A06CBE20CCA}|FaviconPath, C:\Users\Richard\AppData\LocalLow\Microsoft\Internet Explorer\Services\FavIcon.icoWSE_Binkiland, Quarantined, [3b28b4bcc6c4fc3a81cb5c6ae71c21df]
PUP.Optional.Binkiland.A, HKU\S-1-5-21-4260570457-546793334-1600268378-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{46D88CED-9BB6-404A-A886-4A06CBE20CCA}, Binkiland, Quarantined, [d48f214ff496ad8953f95d6991724bb5]
PUP.Optional.Binkiland.A, HKU\S-1-5-21-4260570457-546793334-1600268378-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{46D88CED-9BB6-404A-A886-4A06CBE20CCA}|DisplayName, Binkiland, Quarantined, [dd86e7892a60e353ca82745244bfe917]

Registry Data: 0
(No malicious items detected)

Folders: 3
PUP.Optional.Binkiland.A, C:\Users\Richard\AppData\Roaming\Wse_binkiland, Quarantined, [5310f47c335749ed1be3fbc2d72cb749], 
PUP.Optional.Binkiland.A, C:\Users\Richard\AppData\Roaming\Wse_binkiland\UpdateProc, Quarantined, [5310f47c335749ed1be3fbc2d72cb749], 
PUP.Optional.Binkiland.A, C:\Program Files (x86)\WSE_Binkiland, Quarantined, [9ac9ff71a3e7a78fe718427b7f8425db],

Files: 21
PUP.Optional.Spigot.SID, C:\Users\Richard\AppData\Roaming\Browser Extensions\CouponsHelper.exe, Quarantined, [77ec353b2c5eff37b56b340e4abc14ec], 
PUP.Optional.Spigot.SID, C:\Users\Richard\AppData\Roaming\Browser Extensions\Button.exe, Quarantined, [045f531d22680e28d050dc66ca3c48b8], 
PUP.Optional.Spigot.SID, C:\Users\Richard\AppData\Roaming\Browser Extensions\Button64.exe, Quarantined, [f56e8ee2325857df9090ba88eb1b3bc5], 
PUP.Optional.Spigot.SID, C:\Users\Richard\AppData\Roaming\Browser Extensions\ButtonWrap.dll, Quarantined, [69fa0b65bbcf270faf712f1374928b75], 
PUP.Optional.Spigot.SID, C:\Users\Richard\AppData\Roaming\Browser Extensions\ButtonWrap64.dll, Quarantined, [97cc8be52862f145d9471e2439cdab55], 
PUP.Optional.Spigot.SID, C:\Users\Richard\AppData\Roaming\Browser Extensions\Coupons.dll, Quarantined, [a1c29fd18dfde452b070fd4512f4ba46], 
PUP.Optional.Spigot.SID, C:\Users\Richard\AppData\Roaming\Browser Extensions\Coupons64.dll, Quarantined, [81e2b3bd0b7f290d60c00240f4126997], 
PUP.Optional.Spigot, C:\Users\Richard\AppData\Roaming\Browser Extensions\Uninstall.exe, Quarantined, [88dbde92ed9d86b046c1c605f40d11ef], 
PUP.Optional.Binkiland.C, C:\Users\Richard\AppData\LocalLow\Microsoft\Internet Explorer\Services\FavIcon.icoWSE_Binkiland, Quarantined, [570cbbb537534cea3219dfe4ca39b050], 
PUP.Optional.Spigot.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\0pfwis4w.default\searchplugins\yahoo_ff.xml, Quarantined, [7be8c4ac7a100a2c59ca1fb5e61dc33d], 
PUP.Optional.Binkiland.A, C:\Windows\System32\Tasks\Binkiland tese, Quarantined, [69fa1f512b5f6dc92dc4d67c798c6f91], 
PUP.Optional.Binkiland.A, C:\Windows\Tasks\Binkiland tese.job, Quarantined, [abb872fe5e2c5dd9d0229bb7ee1748b8], 
PUP.Optional.Binkiland.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\0pfwis4w.default\searchplugins\Binkiland.xml, Quarantined, [fa697ff1bfcb162008ebb2a072930000], 
PUP.Optional.Binkiland.A, C:\Users\Richard\AppData\Roaming\Wse_binkiland\UpdateProc\config.dat, Quarantined, [5310f47c335749ed1be3fbc2d72cb749], 
PUP.Optional.Binkiland.A, C:\Users\Richard\AppData\Roaming\Wse_binkiland\UpdateProc\info.dat, Quarantined, [5310f47c335749ed1be3fbc2d72cb749], 
PUP.Optional.Binkiland.A, C:\Users\Richard\AppData\Roaming\Wse_binkiland\UpdateProc\STTL.DAT, Quarantined, [5310f47c335749ed1be3fbc2d72cb749], 
PUP.Optional.Binkiland.A, C:\Users\Richard\AppData\Roaming\Wse_binkiland\UpdateProc\TTL.DAT, Quarantined, [5310f47c335749ed1be3fbc2d72cb749], 
PUP.Optional.Binkiland.A, C:\Program Files (x86)\WSE_Binkiland\config.dat, Quarantined, [9ac9ff71a3e7a78fe718427b7f8425db], 
PUP.Optional.Binkiland.A, C:\Program Files (x86)\WSE_Binkiland\Sqlite3.dll, Quarantined, [9ac9ff71a3e7a78fe718427b7f8425db], 
PUP.Optional.Binkiland.A, C:\Program Files (x86)\WSE_Binkiland\uninst.dat, Quarantined, [9ac9ff71a3e7a78fe718427b7f8425db], 
PUP.Optional.Spigot.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\0pfwis4w.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "https://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=201117&p="), Replaced,[6df675fb7317dd59f9b79ea5a85e8080]

Physical Sectors: 0
(No malicious items detected)

(end)


----------



## Macboatmaster (Jan 15, 2010)

I presume you have seen it from malwarebytes


> PUP.Optional.Binkiland.


in numerous entries.

although not listed in your programs and features it was certainly there


> do you have listed any programs you do not recognise could be named
> Binkiland, Jamenize, Omniboxes or Taplika and WSE_Binkiland, WSE_Jamenize, WSE_Omniboxes or WSE_Taplika.


Test it now please
I suggest you keep malwarebytes and use it as a supporting scan for AVG


----------



## gregory8391 (Aug 18, 2014)

Yes I saw it. Can I delete all the files in malwarebyes quarantine and will the box pop up again now that AVG has quarantined it again? What do I test?


----------



## Macboatmaster (Jan 15, 2010)

AVG had not done the job properly
Malwarebytes has hopefully found it all

AVG failed to do the job properly, otherwise the system could not have been looking for the script if AVG had removed all aspects of the Binkiland etc
do not delete them until you KNOW all is OK

Test it by using it and see if you still get the script pop-ups

If all is OK in a couple of days come back and mark the topic solved by clicking the mark solved button on your post


----------



## gregory8391 (Aug 18, 2014)

Will give it a couple of days and come back to you. Thanks for all your help.


----------



## Macboatmaster (Jan 15, 2010)

Cheers 
You are welcome
Often in Stockport area years ago
Strawberry ? a pub on the A6 cannot remember the name now - as I am going back 30 yrs or so


----------



## gregory8391 (Aug 18, 2014)

Only been in Stockport for 18 years and don't remember a pub called Strawberry? No popups yet so keeping fingers crossed. Put malbytes on my other 2 computers, looks a good programme.


----------



## Macboatmaster (Jan 15, 2010)

Cheers


----------



## gregory8391 (Aug 18, 2014)

No more missing script files so am declaring this thread solved and many thanks to macboatmaster for his patience and help.


----------



## Macboatmaster (Jan 15, 2010)

Cheers


----------

