Solved: Windows script file error

[gregory8391]

I am regularly getting a pop up message saying Windows cannot find a script file. It doesn't appear to stop anything working but is most annoying. Does anyone know how to stop it appearing and what causes it?

 

[Macboatmaster]

which script file please
the message usually is - for example


"Can not find script file AND then usually the indicated reference to the file it cannot find


such as here

"Can not find script file c:\windows\temp\vaio care rescue tool.vbs"

 

[gregory8391]

Will let you know when it comes up again.

 

[Macboatmaster]

OK then we should be able to make some progress

 

[gregory8391]

Cannot find script file c:/ProgramData\{F95e119D-A9DC-C01B-185A-B099C8D86317}\1.9.3.1\fiber.js". Hope this helps.

 

[gregory8391]

Just by chance found the above file put in my virus vault by AVG. Have now restored it and will see if the box reappears.

 

[Macboatmaster]

That was the wrong move
The file is connected with adware usually acquired from some free download of other software
The adware usually produces adverts for coupons to use - usually useless - on various sites for purchases or other advertising pop ups on your browser


Check programs and features in control panel
do you have listed any programs you do not recognise could be named
Binkiland, Jamenize, Omniboxes or Taplika and WSE_Binkiland, WSE_Jamenize, WSE_Omniboxes or WSE_Taplika.


or some similar title - they may not be there as AVG may have detected and removed some aspects but left some, resulting in the script error

 

[gregory8391]

I thought it would be OK as it was windows that was trying to find the file.I have no programmes with any of the names you mentioned. What is my best option now? Haven't had the box again so far.

 

[Macboatmaster]

Windows was trying to find it because there is some element of the adware left
AVG had put it in the virus vault because it detected it as adware


It is not now trying to find it as you have restored it from the virus vault


Download the FREE malwarebytes, even although you are downloading the FREE one you still have to opt OUT of the offer of the 30 day trial of the paid for edition in the install process
It is most important that you ensure you do opt out of this
Here is the download
http://www.malwarebytes.org/mwb-download/
the right hand column download


When you have it installed run a scan and then allow it to clean
then on the GUI - the Guided user interface click the history tab then on the left click the application logs open the log from the scan and click to copy and then paste the log to your reply

 

[gregory8391]

Scan completed. During the scan AVG did a scheduled scan and returned the offending file to the virus vault

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 24/04/2015
Scan Time: 15:50:42
Logfile:
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.04.24.03
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Richard

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 352555
Time Elapsed: 45 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 9
PUP.Optional.Binkiland.A, HKLM\SOFTWARE\CLASSES\APPID\{a5bbb804-8009-4246-bed3-2d3335981ef6}, Quarantined, [194a6a065139bf77a7d87dc1a85b4eb2],
PUP.Optional.Binkiland.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{A5BBB804-8009-4246-BED3-2D3335981EF6}, Quarantined, [194a6a065139bf77a7d87dc1a85b4eb2],
PUP.Optional.Binkiland.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{A5BBB804-8009-4246-BED3-2D3335981EF6}, Quarantined, [194a6a065139bf77a7d87dc1a85b4eb2],
PUP.Optional.Spigot, HKU\S-1-5-21-4260570457-546793334-1600268378-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{3A787631-66A2-4634-B928-A37E73B58FB6}, Quarantined, [88dbde92ed9d86b046c1c605f40d11ef],
PUP.Optional.Binkiland.C, HKLM\SOFTWARE\CLASSES\APPID\{A5BBB804-8009-4246-BED3-2D3335981EF6}\INSTL\DATA, Quarantined, [243ff47ca8e2fc3abb9b8043a85bea16],
PUP.Optional.Binkiland.C, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{A5BBB804-8009-4246-BED3-2D3335981EF6}\INSTL\DATA, Quarantined, [8fd429470189290ded69ecd7fb08dc24],
PUP.Optional.Binkiland.C, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{A5BBB804-8009-4246-BED3-2D3335981EF6}\INSTL\DATA, Quarantined, [fc67a1cf7e0c5fd7520418ab27dcfe02],
PUP.Optional.Binkiland.A, HKU\S-1-5-21-4260570457-546793334-1600268378-1001\SOFTWARE\wse_binkiland, Quarantined, [68fb462ac0caa492866ee86a798c8c74],
PUP.Optional.BrowserExtensions.A, HKU\S-1-5-21-4260570457-546793334-1600268378-1001\SOFTWARE\APPDATALOW\SOFTWARE\BROWSER EXTENSIONS, Quarantined, [fa6982eeb3d71a1c77ca10c8a16248b8],

Registry Values: 12
PUP.Optional.Spigot.SID, HKU\S-1-5-21-4260570457-546793334-1600268378-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Browser Extensions, "C:\Users\Richard\AppData\Roaming\Browser Extensions\CouponsHelper.exe", Quarantined, [77ec353b2c5eff37b56b340e4abc14ec]
PUP.Optional.Binkiland.C, HKLM\SOFTWARE\CLASSES\APPID\{a5bbb804-8009-4246-bed3-2d3335981ef6}\INSTL\DATA|tlbrSrchUrl, http://binkiland.com/?f=3&a=bnk_dnl...yDzztD0CtAyCzy0D0D0DyC2Q&cr=1302301819&ir=&q=, Quarantined, [243ff47ca8e2fc3abb9b8043a85bea16]
PUP.Optional.Binkiland.C, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{a5bbb804-8009-4246-bed3-2d3335981ef6}\INSTL\DATA|tlbrSrchUrl, http://binkiland.com/?f=3&a=bnk_dnl...yDzztD0CtAyCzy0D0D0DyC2Q&cr=1302301819&ir=&q=, Quarantined, [8fd429470189290ded69ecd7fb08dc24]
PUP.Optional.Binkiland.C, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{a5bbb804-8009-4246-bed3-2d3335981ef6}\INSTL\DATA|tlbrSrchUrl, http://binkiland.com/?f=3&a=bnk_dnl...yDzztD0CtAyCzy0D0D0DyC2Q&cr=1302301819&ir=&q=, Quarantined, [fc67a1cf7e0c5fd7520418ab27dcfe02]
PUP.Optional.Binkiland.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Binkiland\\, Quarantined, [d88bb3bd3357c27476ea982ba95a0000]
PUP.Optional.BrowserExtensions.A, HKU\S-1-5-21-4260570457-546793334-1600268378-1001\SOFTWARE\APPDATALOW\SOFTWARE\BROWSER EXTENSIONS|SS_Ver, 2.0, Quarantined, [fa6982eeb3d71a1c77ca10c8a16248b8]
PUP.Optional.Spigot.A, HKU\S-1-5-21-4260570457-546793334-1600268378-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}|URL, https://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=201117&p={searchTerms}, Quarantined, [f073fe72a6e4ed49f735d6efb84b60a0]
PUP.Optional.Binkiland.A, HKU\S-1-5-21-4260570457-546793334-1600268378-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{46D88CED-9BB6-404A-A886-4A06CBE20CCA}|URL, http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_dnldwz_15_13&cd=2XzuyEtN2Y1L1Qzu0EtDtA0FyEzy0Czy0D0ByEtC0A0EyDtDtN0D0Tzu0StCtCyBzytN1L2XzutAtFzztFtAtFtCtN1L1CzutCyEtBzytDyD1V1BtBtN1L1G1B1V1N2Y1L1Qzu2SyDtCtDzy0CyDtBtCtG0A0F0C0CtG0CyCyD0EtG0AyCtCyDtGtD0CtCyCtCyEyE0FzztB0C0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0CyByE0F0F0CzztGzz0C0AyEtGyEtAtA0CtG0AyCyB0BtG0CyDzztD0CtAyCzy0D0D0DyC2Q&cr=1302301819&ir=, Quarantined, [94cf125e0c7e3600a3a9ccfa1fe4a15f]
PUP.Optional.Binkiland.A, HKU\S-1-5-21-4260570457-546793334-1600268378-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{46D88CED-9BB6-404A-A886-4A06CBE20CCA}|TopResultURLFallback, http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_dnldwz_15_13&cd=2XzuyEtN2Y1L1Qzu0EtDtA0FyEzy0Czy0D0ByEtC0A0EyDtDtN0D0Tzu0StCtCyBzytN1L2XzutAtFzztFtAtFtCtN1L1CzutCyEtBzytDyD1V1BtBtN1L1G1B1V1N2Y1L1Qzu2SyDtCtDzy0CyDtBtCtG0A0F0C0CtG0CyCyD0EtG0AyCtCyDtGtD0CtCyCtCyEyE0FzztB0C0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0CyByE0F0F0CzztGzz0C0AyEtGyEtAtA0CtG0AyCyB0BtG0CyDzztD0CtAyCzy0D0D0DyC2Q&cr=1302301819&ir=, Quarantined, [cb9891dfc3c7a492da72fbcbef140df3]
PUP.Optional.Binkiland.A, HKU\S-1-5-21-4260570457-546793334-1600268378-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{46D88CED-9BB6-404A-A886-4A06CBE20CCA}|FaviconPath, C:\Users\Richard\AppData\LocalLow\Microsoft\Internet Explorer\Services\FavIcon.icoWSE_Binkiland, Quarantined, [3b28b4bcc6c4fc3a81cb5c6ae71c21df]
PUP.Optional.Binkiland.A, HKU\S-1-5-21-4260570457-546793334-1600268378-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{46D88CED-9BB6-404A-A886-4A06CBE20CCA}, Binkiland, Quarantined, [d48f214ff496ad8953f95d6991724bb5]
PUP.Optional.Binkiland.A, HKU\S-1-5-21-4260570457-546793334-1600268378-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{46D88CED-9BB6-404A-A886-4A06CBE20CCA}|DisplayName, Binkiland, Quarantined, [dd86e7892a60e353ca82745244bfe917]

Registry Data: 0
(No malicious items detected)

Folders: 3
PUP.Optional.Binkiland.A, C:\Users\Richard\AppData\Roaming\Wse_binkiland, Quarantined, [5310f47c335749ed1be3fbc2d72cb749],
PUP.Optional.Binkiland.A, C:\Users\Richard\AppData\Roaming\Wse_binkiland\UpdateProc, Quarantined, [5310f47c335749ed1be3fbc2d72cb749],
PUP.Optional.Binkiland.A, C:\Program Files (x86)\WSE_Binkiland, Quarantined, [9ac9ff71a3e7a78fe718427b7f8425db],

Files: 21
PUP.Optional.Spigot.SID, C:\Users\Richard\AppData\Roaming\Browser Extensions\CouponsHelper.exe, Quarantined, [77ec353b2c5eff37b56b340e4abc14ec],
PUP.Optional.Spigot.SID, C:\Users\Richard\AppData\Roaming\Browser Extensions\Button.exe, Quarantined, [045f531d22680e28d050dc66ca3c48b8],
PUP.Optional.Spigot.SID, C:\Users\Richard\AppData\Roaming\Browser Extensions\Button64.exe, Quarantined, [f56e8ee2325857df9090ba88eb1b3bc5],
PUP.Optional.Spigot.SID, C:\Users\Richard\AppData\Roaming\Browser Extensions\ButtonWrap.dll, Quarantined, [69fa0b65bbcf270faf712f1374928b75],
PUP.Optional.Spigot.SID, C:\Users\Richard\AppData\Roaming\Browser Extensions\ButtonWrap64.dll, Quarantined, [97cc8be52862f145d9471e2439cdab55],
PUP.Optional.Spigot.SID, C:\Users\Richard\AppData\Roaming\Browser Extensions\Coupons.dll, Quarantined, [a1c29fd18dfde452b070fd4512f4ba46],
PUP.Optional.Spigot.SID, C:\Users\Richard\AppData\Roaming\Browser Extensions\Coupons64.dll, Quarantined, [81e2b3bd0b7f290d60c00240f4126997],
PUP.Optional.Spigot, C:\Users\Richard\AppData\Roaming\Browser Extensions\Uninstall.exe, Quarantined, [88dbde92ed9d86b046c1c605f40d11ef],
PUP.Optional.Binkiland.C, C:\Users\Richard\AppData\LocalLow\Microsoft\Internet Explorer\Services\FavIcon.icoWSE_Binkiland, Quarantined, [570cbbb537534cea3219dfe4ca39b050],
PUP.Optional.Spigot.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\0pfwis4w.default\searchplugins\yahoo_ff.xml, Quarantined, [7be8c4ac7a100a2c59ca1fb5e61dc33d],
PUP.Optional.Binkiland.A, C:\Windows\System32\Tasks\Binkiland tese, Quarantined, [69fa1f512b5f6dc92dc4d67c798c6f91],
PUP.Optional.Binkiland.A, C:\Windows\Tasks\Binkiland tese.job, Quarantined, [abb872fe5e2c5dd9d0229bb7ee1748b8],
PUP.Optional.Binkiland.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\0pfwis4w.default\searchplugins\Binkiland.xml, Quarantined, [fa697ff1bfcb162008ebb2a072930000],
PUP.Optional.Binkiland.A, C:\Users\Richard\AppData\Roaming\Wse_binkiland\UpdateProc\config.dat, Quarantined, [5310f47c335749ed1be3fbc2d72cb749],
PUP.Optional.Binkiland.A, C:\Users\Richard\AppData\Roaming\Wse_binkiland\UpdateProc\info.dat, Quarantined, [5310f47c335749ed1be3fbc2d72cb749],
PUP.Optional.Binkiland.A, C:\Users\Richard\AppData\Roaming\Wse_binkiland\UpdateProc\STTL.DAT, Quarantined, [5310f47c335749ed1be3fbc2d72cb749],
PUP.Optional.Binkiland.A, C:\Users\Richard\AppData\Roaming\Wse_binkiland\UpdateProc\TTL.DAT, Quarantined, [5310f47c335749ed1be3fbc2d72cb749],
PUP.Optional.Binkiland.A, C:\Program Files (x86)\WSE_Binkiland\config.dat, Quarantined, [9ac9ff71a3e7a78fe718427b7f8425db],
PUP.Optional.Binkiland.A, C:\Program Files (x86)\WSE_Binkiland\Sqlite3.dll, Quarantined, [9ac9ff71a3e7a78fe718427b7f8425db],
PUP.Optional.Binkiland.A, C:\Program Files (x86)\WSE_Binkiland\uninst.dat, Quarantined, [9ac9ff71a3e7a78fe718427b7f8425db],
PUP.Optional.Spigot.A, C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\0pfwis4w.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "https://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=201117&p="), Replaced,[6df675fb7317dd59f9b79ea5a85e8080]

Physical Sectors: 0
(No malicious items detected)


(end)

 

[Macboatmaster]

I presume you have seen it from malwarebytes

PUP.Optional.Binkiland.

in numerous entries.



although not listed in your programs and features it was certainly there

do you have listed any programs you do not recognise could be named
Binkiland, Jamenize, Omniboxes or Taplika and WSE_Binkiland, WSE_Jamenize, WSE_Omniboxes or WSE_Taplika.

Test it now please
I suggest you keep malwarebytes and use it as a supporting scan for AVG

 

[gregory8391]

Yes I saw it. Can I delete all the files in malwarebyes quarantine and will the box pop up again now that AVG has quarantined it again? What do I test?

 

[Macboatmaster]

AVG had not done the job properly
Malwarebytes has hopefully found it all

AVG failed to do the job properly, otherwise the system could not have been looking for the script if AVG had removed all aspects of the Binkiland etc
do not delete them until you KNOW all is OK

Test it by using it and see if you still get the script pop-ups

If all is OK in a couple of days come back and mark the topic solved by clicking the mark solved button on your post

 

[gregory8391]

Will give it a couple of days and come back to you. Thanks for all your help.

 

[Macboatmaster]

Cheers
You are welcome
Often in Stockport area years ago
Strawberry ? a pub on the A6 cannot remember the name now - as I am going back 30 yrs or so