ProcMon.exe tells me that many different processes including ones owned by standard users, admins, and the SYSTEM user are receiving "ACCESS DENIED" error results when trying to read "C:/$Extend/$Reparse:$R:$INDEX_ALLOCATION".
Google returns nothing useful from MSDN, but i assume these are NTFS or Windows Search folders. What processes need to be able to r C:\$Extend? w? x?
Set the ProcMon.exe filter to include contains "C:\" for path and include contains "ACCESS DENIED", but exclude "SUCCESS" for results.