Ok, another potentially long post, so please bear with me here if you’re interested in reading
Over the last week or so I noticed that my Custom C drive scan and even a Full scan showed the message “We were unable to scan some files but no threats found” or something. After uninstalling and reinstalling Avast a couple of times over the last week, My scheduled C drive scan came up again with the same message. So, I looked at the scan log and found this in the scan log
C:\Users\User\AppData\Local\messenger-updater\pending\update.exe|>$R5\Uninstall Messenger.exe|>$PLUGINSDIR\nsProcess.dll [E] Error 0x0000A47E (42110) C:\Users\User\AppData\Local\messenger-updater\pending\update.exe|>$R5\Uninstall Messenger.exe|>$PLUGINSDIR\nsExec.dll [E] Error 0x0000A47E (42110) C:\Users\User\AppData\Local\messenger-updater\pending\update.exe|>$R5\Uninstall Messenger.exe|>$PLUGINSDIR\WinShell.dll [E] Error 0x0000A47E (42110) C:\Users\User\AppData\Local\messenger-updater\installer.exe|>$R5\Uninstall Messenger.exe|>$PLUGINSDIR\nsProcess.dll [E] Error 0x0000A47E (42110) C:\Users\User\AppData\Local\messenger-updater\installer.exe|>$R5\Uninstall Messenger.exe|>$PLUGINSDIR\nsExec.dll [E] Error 0x0000A47E (42110) C:\Users\User\AppData\Local\messenger-updater\installer.exe|>$R5\Uninstall Messenger.exe|>$PLUGINSDIR\WinShell.dll [E] Error 0x0000A47E (42110) C:\Users\User\AppData\Local\Spotify\Data\61\61942817862b32418f523e9864184608c3678904.file|>°¦o£#pW#E`åä¼P*àx¦Q(¦u|¤-¦Eae-8nG=·¦èÿÑ{ê6[+,5m»GGEæºì¦¦af«xåNX1äeü+£aeÇ+üä¦ñ9+)+¼û-K¦É7xtî3 [E] Error 0x0000A47E (42110) C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\8cbb992fe0cd9ef960e69a214646bd270516a23e\0377c85a-68b1-497a-ac07-099d6d72049a\855af346e790b114_0 [E] The system cannot find the path specified (3) C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\8cbb992fe0cd9ef960e69a214646bd270516a23e\0377c85a-68b1-497a-ac07-099d6d72049a\1c988803d951f3d3_0 [E] The system cannot find the path specified (3) C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\8cbb992fe0cd9ef960e69a214646bd270516a23e\f0719b5a-9b0e-482d-a399-8991307c3bd0\55c0cf2ac8b38053_0 [E] The system cannot find the path specified (3) C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\8cbb992fe0cd9ef960e69a214646bd270516a23e\6e47d9c3-05d6-4247-bdc9-17bca9b0d5ac\9a5a1f19522369f9_0 [E] The system cannot find the path specified (3) C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\8cbb992fe0cd9ef960e69a214646bd270516a23e\0377c85a-68b1-497a-ac07-099d6d72049a\5ae03f3d1bc3151d_0 [E] The system cannot find the path specified (3) C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\8cbb992fe0cd9ef960e69a214646bd270516a23e\6e47d9c3-05d6-4247-bdc9-17bca9b0d5ac\c144ca4e9e4c5ad0_0 [E] The system cannot find the path specified (3) C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\8cbb992fe0cd9ef960e69a214646bd270516a23e\6e47d9c3-05d6-4247-bdc9-17bca9b0d5ac\ecee1078b301da8f_0 [E] The system cannot find the path specified (3)
The “System cannot find the path specified” errors i’m not too concerned about as my slightly educated guess is that those were temp files that were established at the start of the scan and then cleared out during the scan and thus Avast couldn’t find. The first seven though are what I was curious about. I googled that error code and found that it denotes a decompression bomb. There are plenty of posts online, including many on this forum, that basically say it could be dangerous if they’re unpacked but a lot of the time they’re a relative nuisance and won’t be an issue.
To be sure, I scanned that Spotify subfolder to make sure it would be picked up again, and it was. But when I went to the above file paths, the specific files weren’t there. Under the messenger-updater folder, the “Uninstall Messenger.exe” file wasn’t there, even with hidden folders and files on in the file explorer settings. The path basically ended at update.exe and installer.exe in both cases, respectively.
I scanned those folders as well with Malwarebytes and it didn’t find anything.
So, I delete the messenger-updater folder as this is regarding Facebook messenger that I don’t have on my PC anymore (I downloaded it briefly before uninstalling it maybe a couple of years ago) and thus didn’t need 'em anymore, and then I uninstalled Spotify which got rid of Spotify folder in AppData. Restarted my computer and did another C drive scan. That produced the same “Some files couldn’t be scanned” error. I look at the log and see these
C:\Users\User\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{f47de834-d8d9-4232-8ac4-de3947b81b49}\0.0.filtertrie.intermediate.txt [E] The system cannot find the path specified (3) C:\Users\User\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{f47de834-d8d9-4232-8ac4-de3947b81b49}\Apps.ft [E] The system cannot find the path specified (3) C:\Users\User\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{f47de834-d8d9-4232-8ac4-de3947b81b49}\Apps.index [E] The system cannot find the path specified (3) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta.exe [E] The system cannot find the path specified (3)
The same “System cannot find the path specified” on files that may have been cleared out, although the “AM_Delta.exe” file not being found is curious but I digress.
This morning, I decide to run the scan again, but before I do the DISM.exe Restore Health and sfc /scannow commands to make sure there are no corrupted system files that could be causing any errors. Then, I run the same scan a third time just now. I get the same “Files can’t be scanned” from Avast, check the logs, and it’s different again, but with a worrying addition
C:\ProgramData\HP\HP Touchpoint Analytics Client\Provider Data\SystemStateMonitor\2023100702\7ac24f04-340f-45ab-a09e-835d9a7eb49e.csv [E] The system cannot find the path specified (3) C:\ProgramData\HP\HP Touchpoint Analytics Client\Provider Data\SystemStateMonitor\2023100701\f8b685ce-e489-4a1c-90d3-a4595eb38a92.csv [E] The system cannot find the path specified (3) C:\ProgramData\HP\HP Touchpoint Analytics Client\Provider Data\SystemStateMonitor\2023100621\14fd8ba6-5e93-4622-a34a-6b7907b3454e.csv [E] The system cannot find the path specified (3) C:\ProgramData\HP\HP Touchpoint Analytics Client\Provider Data\SystemStateMonitor\2023100623\a404eac6-0648-43a0-bb34-4779f162f4aa.csv [E] The system cannot find the path specified (3) C:\ProgramData\HP\HP Touchpoint Analytics Client\Provider Data\SystemStateMonitor\2023100620\923e0480-7d65-4918-bddc-415b55af3881.csv [E] The system cannot find the path specified (3) C:\ProgramData\HP\HP Touchpoint Analytics Client\Provider Data\SystemStateMonitor\2023100700\4216bd34-9eea-4d40-b4d5-8597a12c3d5b.csv [E] The system cannot find the path specified (3) C:\ProgramData\HP\HP Touchpoint Analytics Client\Provider Data\SystemStateMonitor\2023100622\e7c12898-6907-49e6-87b4-c5c52492872f.csv [E] The system cannot find the path specified (3) C:\ProgramData\HP\HP Touchpoint Analytics Client\Provider Data\SystemStateMonitor\2023100706\4de6e893-ca5a-454a-bc4d-71a377aa8918.csv [E] The system cannot find the path specified (3) C:\ProgramData\HP\HP Touchpoint Analytics Client\Provider Data\SystemStateMonitor\2023100705\99edda7b-6586-47d4-955c-f5c849bf11af.csv [E] The system cannot find the path specified (3) C:\ProgramData\HP\HP Touchpoint Analytics Client\Provider Data\SystemStateMonitor\2023100619\298be701-da55-4008-8889-894a16293376.csv [E] The system cannot find the path specified (3) C:\ProgramData\HP\HP Touchpoint Analytics Client\Provider Data\SystemStateMonitor\2023100707\e64a37dc-456f-4f59-9650-b5d507841bf6.csv [E] The system cannot find the path specified (3) C:\ProgramData\HP\HP Touchpoint Analytics Client\Provider Data\SystemStateMonitor\2023100710\dad5b443-f7f0-4061-892b-3780ca8fddce.csv [E] The system cannot find the path specified (3) C:\ProgramData\HP\HP Touchpoint Analytics Client\Provider Data\SystemStateMonitor\2023100708\580727ee-4b78-4d38-9594-9c13c0f4238b.csv [E] The system cannot find the path specified (3) C:\ProgramData\HP\HP Touchpoint Analytics Client\Provider Data\SystemStateMonitor\2023100709\59b12f23-89be-482c-8582-1f1c360aaf30.csv [E] The system cannot find the path specified (3) C:\ProgramData\HP\HP Touchpoint Analytics Client\Provider Data\SystemStateMonitor\2023100704\cb47bf22-c71b-4616-a40e-fa15cf95d4f8.csv [E] The system cannot find the path specified (3) [b]C:\Windows\WinSxS\Temp\InFlight\b23a31762bf9d9012608000074047422\7d5631762bf9d9012708000074047422|>ext4.vhdx [E] Error 0x0000A47E (42110)[/b] C:\ProgramData\HP\HP Touchpoint Analytics Client\Provider Data\SystemStateMonitor\2023100703\f114c95c-7414-4c1c-a625-d573f77f8011.csv [E] The system cannot find the path specified (3) C:\ProgramData\HP\HP Touchpoint Analytics Client\Provider Data\PnPDriver\20231006\602c1649-b7fb-41d0-b469-e6ddf45f978d.csv [E] The system cannot find the path specified (3) C:\ProgramData\HP\HP Touchpoint Analytics Client\Provider Data\PnPDevice\20231006\9677a1f5-91c5-4afb-910e-e5e4c4ca18a8.csv [E] The system cannot find the path specified (3)
So I get the error on a different folder this time. I know the WinSxS folder is where system files for backup and recoveries are stored. And the fact that it’s in the Temp subfolder of WinSxS leads me to believe that at some point that file will no longer exist.
However, what’s concerning is that this Decompression bomb error is flagging in different parts of my computer. So my mind immediately goes to consider whether I have a virus or some other thing that’s moving around a Decompression bomb to various areas of my drive and that one day a program will attempt to open it and then my system is overloaded. The fact that less than two days ago it was in my Spotify folder also worries me as I use Spotify fairly regular on my laptop. I have also seen in several places, including here, that a Decompression bomb is harmless and Avast could be flagging these as false positives.
I sincerely thank anyone who read through this entire thing, but perhaps someone who did can provide more insight on this, if they’re familiar with this kind of error and why it would be flagging?