[SOLVED] Problems with Sfc.exe

[Lanneret]

Hi - help needed:
System: Windows 7 Home Premium Service Pack 1 64-bit


Problem that started it all was Win Explorer acting oddly, had two instances of all desktop icons disappearing. Thought at first it was third party GUI enhancement software, but eliminated that. Wanted to check system files for corruption, so tried to run sfc.exe.


I am having difficulties getting sfc.exe to correct suspected corrupt system files. Have tried from elevated command prompt as well as booting from HP repair disk (created from this system) and from downloaded .iso (Win7_HomePrem_SP1_English_x64) burned to DVD. From elev. cmd prompt I consistently says Verification 100% complete but refuses to correct anything: "Windows Resource Protection could not start the repair service".

---------------------------------------


I then ran CheckSUR Scan
CheckSUR log:
Checking Component Store
(f) CSI Missing Winning Component Key 0x00000000 amd64_policy.14.0.avg.vc140.mfc_f92d94485545da78_14.0.25325.0_none_882c42cee4e7ea43
(f) CSI Unexpected Failure 0x00000005 14.0.25325.0 amd64_policy.14.0.avg.vc140.mfc_f92d94485545da78_14.0.25325.0_none_882c42cee4e7ea43 Error deleting winners map value.
(f) CSI Missing Winning Component Key 0x00000000 x86_policy.14.0.avg.vc140.crt_f92d94485545da78_14.0.25325.0_none_d7585f6ff4959666
(f) CSI Unexpected Failure 0x00000005 14.0.25325.0 x86_policy.14.0.avg.vc140.crt_f92d94485545da78_14.0.25325.0_none_d7585f6ff4959666 Error deleting winners map value.
(f) CSI Missing Winning Component Key 0x00000000 amd64_policy.14.0.avg.vc140.crt_f92d94485545da78_14.0.25325.0_none_8fab2898e0196d60
(f) CSI Unexpected Failure 0x00000005 14.0.25325.0 amd64_policy.14.0.avg.vc140.crt_f92d94485545da78_14.0.25325.0_none_8fab2898e0196d60 Error deleting winners map value.
(f) CSI Missing Winning Component Key 0x00000000 amd64_avg.vc140.mfc_f92d94485545da78_14.0.25325.0_none_643e18eddbf60d95
(f) CSI Unexpected Failure 0x00000005 14.0.25325.0 amd64_avg.vc140.mfc_f92d94485545da78_14.0.25325.0_none_643e18eddbf60d95 Error deleting winners map value.
(f) CSI Missing Winning Component Key 0x00000000 x86_avg.vc140.mfc_f92d94485545da78_14.0.25325.0_none_abeb4fc4f072369b
(f) CSI Unexpected Failure 0x00000005 14.0.25325.0 x86_avg.vc140.mfc_f92d94485545da78_14.0.25325.0_none_abeb4fc4f072369b Error deleting winners map value.
(f) CSI Missing Winning Component Key 0x00000000 x86_policy.14.0.avg.vc140.mfc_f92d94485545da78_14.0.25325.0_none_cfd979a5f9641349
(f) CSI Unexpected Failure 0x00000005 14.0.25325.0 x86_policy.14.0.avg.vc140.mfc_f92d94485545da78_14.0.25325.0_none_cfd979a5f9641349 Error deleting winners map value.
(f) CSI Missing Winning Component Key 0x00000000 x86_avg.vc140.crt_f92d94485545da78_14.0.25325.0_none_b36a358eeba3b9b8
(f) CSI Unexpected Failure 0x00000005 14.0.25325.0 x86_avg.vc140.crt_f92d94485545da78_14.0.25325.0_none_b36a358eeba3b9b8 Error deleting winners map value.
(f) CSI Missing Winning Component Key 0x00000000 amd64_avg.vc140.crt_f92d94485545da78_14.0.25325.0_none_6bbcfeb7d72790b2
(f) CSI Unexpected Failure 0x00000005 14.0.25325.0 amd64_avg.vc140.crt_f92d94485545da78_14.0.25325.0_none_6bbcfeb7d72790b2 Error deleting winners map value.


Summary:
Seconds executed: 201
Found 16 errors
CSI Unexpected Failure Total count: 8
CSI Missing Winning Component Key Total count: 8

--------------------------------------------------------

Ran SFCFix without much success - here is log:

SFCFix version 3.0.0.0 by niemiro.
Start time: 2018-05-08 18:55:39.830
Microsoft Windows 7 Service Pack 1 - amd64
Not using a script file.




AutoAnalysis::
CORRUPT: C:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18637_none_ecb2935b6af13c52\termsrv.dll
CORRUPT: C:\windows\winsxs\wow64_microsoft-windows-ie-sysprep_31bf3856ad364e35_11.2.9600.16428_none_083dd731036b79d4\iesysprep.dll




SUMMARY: Some corruptions could not be fixed automatically. Seek advice from helper or sysnative.com.
CBS & SFC total detected corruption count: 2
CBS & SFC total unimportant corruption count: 0
CBS & SFC total fixed corruption count: 0
SURT total detected corruption count: 16
SURT total unimportant corruption count: 0
SURT total fixed corruption count: 0
AutoAnalysis:: directive completed successfully.




Successfully processed all directives.


Failed to generate a complete zip file. Upload aborted.




SFCFix version 3.0.0.0 by niemiro has completed.
Currently storing 0 datablocks.
Finish time: 2018-05-08 19:00:38.204
----------------------EOF-----------------------


------------------------------
My CBS folder was zipped up after the above operations and is on Google drive:

CBS.zip - Google Drive

--------------------------------



I have used sfc going back to XP, but tried running DISM.exe for the first time after googling what to do when sfc.exe fails. I really don't want to do a format and reinstall. If all else fails, I'm considering trying a non-destructive restore of the system files but would really like to repair sfc.exe and correct the corrupted files. Any help appreciated.

 

[Sysnative Windows Update]

Hello and welcome to Sysnative!


SFCFix Script

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

1. Download SFCFix.exe (by niemiro) and save this to your Desktop.
2. Download the file below, SFCFix.zip, and save this to your Desktop. Ensure that this file is named SFCFix.zip - do not rename it.
3. Save any open documents and close all open windows.
4. On your Desktop, you should see two files: SFCFix.exe and SFCFix.zip.
5. Drag the file SFCFix.zip onto the file SFCFix.exe and release it.
6. SFCFix will now process the script.
7. Upon completion, a file should be created on your Desktop: SFCFix.txt.
8. Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this file into your next post for me to analyse please - put [CODE][/CODE] tags around the log to break up the text.

SFC Scan

1. Click on the Start button and in the search box, type Command Prompt
2. When you see Command Prompt on the list, right-click on it and select Run as administrator
3. When command prompt opens, copy and paste the following commands into it, press enter after each
   
   sfc /scannow
   
   Wait for this to finish before you continue
   
   copy %windir%\logs\cbs\cbs.log %userprofile%\Desktop\cbs.txt
4. This will create a file, cbs.txt on your Desktop. Please attach this to your next post.

 

[Lanneret]

Here is content of SFCFix.txt:

SFCFix version 3.0.0.0 by niemiro.
Start time: 2018-05-10 16:21:52.923
Microsoft Windows 7 Service Pack 1 - amd64
Using .zip script file at C:\Users\dbridges\Desktop\SFCFix.zip [0]




PowerCopy::
Successfully took permissions for file or folder C:\windows\winsxs\wow64_microsoft-windows-ie-sysprep_31bf3856ad364e35_11.2.9600.16428_none_083dd731036b79d4\iesysprep.dll
Successfully took permissions for file or folder C:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18637_none_ecb2935b6af13c52\termsrv.dll

Successfully copied file C:\Users\dbridges\AppData\Local\niemiro\Archive\winsxs\wow64_microsoft-windows-ie-sysprep_31bf3856ad364e35_11.2.9600.16428_none_083dd731036b79d4\iesysprep.dll to C:\windows\winsxs\wow64_microsoft-windows-ie-sysprep_31bf3856ad364e35_11.2.9600.16428_none_083dd731036b79d4\iesysprep.dll.
Successfully copied file C:\Users\dbridges\AppData\Local\niemiro\Archive\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18637_none_ecb2935b6af13c52\termsrv.dll to C:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18637_none_ecb2935b6af13c52\termsrv.dll.

Successfully restored ownership for C:\windows\winsxs\wow64_microsoft-windows-ie-sysprep_31bf3856ad364e35_11.2.9600.16428_none_083dd731036b79d4\iesysprep.dll
Successfully restored permissions on C:\windows\winsxs\wow64_microsoft-windows-ie-sysprep_31bf3856ad364e35_11.2.9600.16428_none_083dd731036b79d4\iesysprep.dll
Successfully restored ownership for C:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18637_none_ecb2935b6af13c52\termsrv.dll
Successfully restored permissions on C:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18637_none_ecb2935b6af13c52\termsrv.dll
PowerCopy:: directive completed successfully.




Successfully processed all directives.
SFCFix version 3.0.0.0 by niemiro has completed.
Currently storing 2 datablocks.
Finish time: 2018-05-10 16:21:56.308
Script hash: skr6+GtcWwkpAAE3/ni7rvJ8Aupeody4kz/BsSJQm8w=
----------------------EOF-----------------------

I have uploaded "cbs.txt".

------------------------------------------------------------------------

Hello and welcome to Sysnative!


SFCFix Script

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

1. Download SFCFix.exe (by niemiro) and save this to your Desktop.
2. Download the file below, SFCFix.zip, and save this to your Desktop. Ensure that this file is named SFCFix.zip - do not rename it.
3. Save any open documents and close all open windows.
4. On your Desktop, you should see two files: SFCFix.exe and SFCFix.zip.
5. Drag the file SFCFix.zip onto the file SFCFix.exe and release it.
6. SFCFix will now process the script.
7. Upon completion, a file should be created on your Desktop: SFCFix.txt.
8. Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this file into your next post for me to analyse please - put [CODE][/CODE] tags around the log to break up the text.

SFC Scan

1. Click on the Start button and in the search box, type Command Prompt
2. When you see Command Prompt on the list, right-click on it and select Run as administrator
3. When command prompt opens, copy and paste the following commands into it, press enter after each
   
   sfc /scannow
   
   Wait for this to finish before you continue
   
   copy %windir%\logs\cbs\cbs.log %userprofile%\Desktop\cbs.txt
4. This will create a file, cbs.txt on your Desktop. Please attach this to your next post.

 

[Sysnative Windows Update]

Step#1 - Capture Process Monitor Trace
1. Download and run Process Monitor. Leave this running while you perform the next steps.
2. Open an elevated Command Prompt and try SFC Scan just like you have in the past.
3. Stop Process Monitor as soon as it fails. You can simply do this by clicking the magnifying glass on the toolbar as shown below.

4. Select the File menu...Save... and save the file to your desktop. This is likely the default location. The name (unless changed) will be LogFile.PML. This is fine.
5. Zip up and attach the LogFile.PML file as well as your CBS.log

 

[Lanneret]

OK, softwaremaniac....I really appreciate your help. "CBS.zip" is attached. "Logfile.zip" is on my google drive:

Logfile.zip - Google Drive

Thanks again !

Hi - help needed:
System: Windows 7 Home Premium Service Pack 1 64-bit


Problem that started it all was Win Explorer acting oddly, had two instances of all desktop icons disappearing. Thought at first it was third party GUI enhancement software, but eliminated that. Wanted to check system files for corruption, so tried to run sfc.exe.


I am having difficulties getting sfc.exe to correct suspected corrupt system files. Have tried from elevated command prompt as well as booting from HP repair disk (created from this system) and from downloaded .iso (Win7_HomePrem_SP1_English_x64) burned to DVD. From elev. cmd prompt I consistently says Verification 100% complete but refuses to correct anything: "Windows Resource Protection could not start the repair service".

---------------------------------------


I then ran CheckSUR Scan
CheckSUR log:
Checking Component Store
(f) CSI Missing Winning Component Key 0x00000000 amd64_policy.14.0.avg.vc140.mfc_f92d94485545da78_14.0.25325.0_none_882c42cee4e7ea43
(f) CSI Unexpected Failure 0x00000005 14.0.25325.0 amd64_policy.14.0.avg.vc140.mfc_f92d94485545da78_14.0.25325.0_none_882c42cee4e7ea43 Error deleting winners map value.
(f) CSI Missing Winning Component Key 0x00000000 x86_policy.14.0.avg.vc140.crt_f92d94485545da78_14.0.25325.0_none_d7585f6ff4959666
(f) CSI Unexpected Failure 0x00000005 14.0.25325.0 x86_policy.14.0.avg.vc140.crt_f92d94485545da78_14.0.25325.0_none_d7585f6ff4959666 Error deleting winners map value.
(f) CSI Missing Winning Component Key 0x00000000 amd64_policy.14.0.avg.vc140.crt_f92d94485545da78_14.0.25325.0_none_8fab2898e0196d60
(f) CSI Unexpected Failure 0x00000005 14.0.25325.0 amd64_policy.14.0.avg.vc140.crt_f92d94485545da78_14.0.25325.0_none_8fab2898e0196d60 Error deleting winners map value.
(f) CSI Missing Winning Component Key 0x00000000 amd64_avg.vc140.mfc_f92d94485545da78_14.0.25325.0_none_643e18eddbf60d95
(f) CSI Unexpected Failure 0x00000005 14.0.25325.0 amd64_avg.vc140.mfc_f92d94485545da78_14.0.25325.0_none_643e18eddbf60d95 Error deleting winners map value.
(f) CSI Missing Winning Component Key 0x00000000 x86_avg.vc140.mfc_f92d94485545da78_14.0.25325.0_none_abeb4fc4f072369b
(f) CSI Unexpected Failure 0x00000005 14.0.25325.0 x86_avg.vc140.mfc_f92d94485545da78_14.0.25325.0_none_abeb4fc4f072369b Error deleting winners map value.
(f) CSI Missing Winning Component Key 0x00000000 x86_policy.14.0.avg.vc140.mfc_f92d94485545da78_14.0.25325.0_none_cfd979a5f9641349
(f) CSI Unexpected Failure 0x00000005 14.0.25325.0 x86_policy.14.0.avg.vc140.mfc_f92d94485545da78_14.0.25325.0_none_cfd979a5f9641349 Error deleting winners map value.
(f) CSI Missing Winning Component Key 0x00000000 x86_avg.vc140.crt_f92d94485545da78_14.0.25325.0_none_b36a358eeba3b9b8
(f) CSI Unexpected Failure 0x00000005 14.0.25325.0 x86_avg.vc140.crt_f92d94485545da78_14.0.25325.0_none_b36a358eeba3b9b8 Error deleting winners map value.
(f) CSI Missing Winning Component Key 0x00000000 amd64_avg.vc140.crt_f92d94485545da78_14.0.25325.0_none_6bbcfeb7d72790b2
(f) CSI Unexpected Failure 0x00000005 14.0.25325.0 amd64_avg.vc140.crt_f92d94485545da78_14.0.25325.0_none_6bbcfeb7d72790b2 Error deleting winners map value.


Summary:
Seconds executed: 201
Found 16 errors
CSI Unexpected Failure Total count: 8
CSI Missing Winning Component Key Total count: 8

--------------------------------------------------------

Ran SFCFix without much success - here is log:

SFCFix version 3.0.0.0 by niemiro.
Start time: 2018-05-08 18:55:39.830
Microsoft Windows 7 Service Pack 1 - amd64
Not using a script file.




AutoAnalysis::
CORRUPT: C:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18637_none_ecb2935b6af13c52\termsrv.dll
CORRUPT: C:\windows\winsxs\wow64_microsoft-windows-ie-sysprep_31bf3856ad364e35_11.2.9600.16428_none_083dd731036b79d4\iesysprep.dll




SUMMARY: Some corruptions could not be fixed automatically. Seek advice from helper or sysnative.com.
CBS & SFC total detected corruption count: 2
CBS & SFC total unimportant corruption count: 0
CBS & SFC total fixed corruption count: 0
SURT total detected corruption count: 16
SURT total unimportant corruption count: 0
SURT total fixed corruption count: 0
AutoAnalysis:: directive completed successfully.




Successfully processed all directives.


Failed to generate a complete zip file. Upload aborted.




SFCFix version 3.0.0.0 by niemiro has completed.
Currently storing 0 datablocks.
Finish time: 2018-05-08 19:00:38.204
----------------------EOF-----------------------


------------------------------
My CBS folder was zipped up after the above operations and is on Google drive:

CBS.zip - Google Drive

--------------------------------



I have used sfc going back to XP, but tried running DISM.exe for the first time after googling what to do when sfc.exe fails. I really don't want to do a format and reinstall. If all else fails, I'm considering trying a non-destructive restore of the system files but would really like to repair sfc.exe and correct the corrupted files. Any help appreciated.

 

[Sysnative Windows Update]

Can you go to: C:\Windows\System32\SearchIndexer.exe. Right-click it, go to the Security tab and verify that TrustedInstaller has everything set to allow except Special Premissions. Ideally provide screenshots of every user's status.

 

[Lanneret]

OK, obviously the settings shown in screenshots are incorrect - should TrustedInstaller have ownership ? ?

Can you go to: C:\Windows\System32\SearchIndexer.exe. Right-click it, go to the Security tab and verify that TrustedInstaller has everything set to allow except Special Premissions. Ideally provide screenshots of every user's status.

 

[Sysnative Windows Update]

Run Windows Repairs

1. Download Windows Repair (All-in-One) Portable to your desktop.
2. Once the file is downloaded, right-click on the file on your desktop and choose Extract All...
3. Keep the defaults and click the Extract button.
4. A folder named tweaking.com_windows_repair_aio will be extracted to the desktop. Once the extraction is complete the folder will open.
5. Inside this folder, there is a folder named Tweaking.com - Windows Repair. Open this folder as well.
6. Double-click on Repair_Windows.exe to open. Note: Please make sure all of your programs are closed and anything you were working on is saved as we will be rebooting.
7. When the program opens, click the Reboot to Safe Mode button at the bottom of the screen. Answer Yes to allow.
8. Once rebooted into Safe Mode, open the program again. When the program opens, click the Repairs tab and click the Open Repairs button.
9. A backup of your registry will be made. After a few moments you will have many options from which you can choose.

10. Please click the Unselect All button and then click to enable only the following ones:

Reset Registry Permissions
Reset File Permissions
Remove Policies Set by Infections


11. Ensure the Restart check box is selected and click the Start Repairs button in the lower right of the screen. This may take some time to run so be patient.
12. Once the fixes are complete you will be prompted to restart your machine. Answer Yes.
​

 

[Lanneret]

OK, after running Repair_Windows.exe and a restart, the properties of SearchIndexer.exe remain unchanged:

 

[Sysnative Windows Update]

Can you click on Edit Permissions and take a screenshot of the options for both Administrators and dbridges?

 

[Lanneret]

When I click on the Owner tab of the Adv. security settings of SearchIndexer.exe and then choose edit, I can't look at any options for either Administrators or dbridges (see screenshots):

 

[Sysnative Windows Update]

Can you create a test user account with admin privileges, log in and try SFC from there?

 

[Lanneret]

OK, I created test user account with administrator privileges and ran sfc scan with same result - Windows Resource Protection could not perform...etc. Have uploaded new cbs log as cbsnew.zip.

Can you create a test user account with admin privileges, log in and try SFC from there?

 

[Sysnative Windows Update]

SFCFix Script

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

1. Download SFCFix.exe (by niemiro) and save this to your Desktop.
2. Download the file below, SFCFix.zip, and save this to your Desktop. Ensure that this file is named SFCFix.zip - do not rename it.
3. Save any open documents and close all open windows.
4. On your Desktop, you should see two files: SFCFix.exe and SFCFix.zip.
5. Drag the file SFCFix.zip onto the file SFCFix.exe and release it.
6. SFCFix will now process the script.
7. Upon completion, a file should be created on your Desktop: SFCFix.txt.
8. Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this file into your next post for me to analyse please - put [CODE][/CODE] tags around the log to break up the text.

SFC Scan

1. Click on the Start button and in the search box, type Command Prompt
2. When you see Command Prompt on the list, right-click on it and select Run as administrator
3. When command prompt opens, copy and paste the following commands into it, press enter after each
   
   sfc /scannow
   
   Wait for this to finish before you continue
   
   copy %windir%\logs\cbs\cbs.log %userprofile%\Desktop\cbs.txt
4. This will create a file, cbs.txt on your Desktop. Please attach this to your next post.

 

[Lanneret]

SFCFix version 3.0.0.0 by niemiro.
Start time: 2018-05-11 21:43:46.757
Microsoft Windows 7 Service Pack 1 - amd64
Using .zip script file at C:\Users\dbridges\Desktop\SFCFix.zip [0]




PowerCopy::
Successfully took permissions for file or folder C:\windows\Sysnative

Failed to read file attributes for file C:\windows\System32\SearchIndexer.exe.
Failed to copy file C:\Users\dbridges\AppData\Local\niemiro\Archive\System32\SearchIndexer.exe to C:\windows\System32\SearchIndexer.exe with error code ERROR_ACCESS_DENIED.

Successfully restored ownership for C:\windows\Sysnative
Successfully restored permissions on C:\windows\Sysnative
PowerCopy:: directive failed to complete successfully.




Failed to process all directives successfully.
SFCFix version 3.0.0.0 by niemiro has completed.
Currently storing 3 datablocks.
Finish time: 2018-05-11 21:43:53.060
Script hash: p0XTVckchOe4I11z4I4k/lzM2GsFtz/4VGdJW7+XcJA=
----------------------EOF-----------------------

cbs zip file attached.

SFCFix Script

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

1. Download SFCFix.exe (by niemiro) and save this to your Desktop.
2. Download the file below, SFCFix.zip, and save this to your Desktop. Ensure that this file is named SFCFix.zip - do not rename it.
3. Save any open documents and close all open windows.
4. On your Desktop, you should see two files: SFCFix.exe and SFCFix.zip.
5. Drag the file SFCFix.zip onto the file SFCFix.exe and release it.
6. SFCFix will now process the script.
7. Upon completion, a file should be created on your Desktop: SFCFix.txt.
8. Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this file into your next post for me to analyse please - put [CODE][/CODE] tags around the log to break up the text.

SFC Scan

1. Click on the Start button and in the search box, type Command Prompt
2. When you see Command Prompt on the list, right-click on it and select Run as administrator
3. When command prompt opens, copy and paste the following commands into it, press enter after each
   
   sfc /scannow
   
   Wait for this to finish before you continue
   
   copy %windir%\logs\cbs\cbs.log %userprofile%\Desktop\cbs.txt
4. This will create a file, cbs.txt on your Desktop. Please attach this to your next post.

 

[Sysnative Windows Update]

I need to see SFCFix.txt as well.

 

[Lanneret]

sorry, here it is..

Also noticed that 3 files in C:\Windows\System32 have much newer file modified dates than all the others:

 

[Sysnative Windows Update]

FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Please download Farbar Recovery Scan Tool and save it to your Desktop (you may use the one you already have downloaded).
Note: You need to run the 64-bit Version so please ensure you download that one.
2. Download attached file and save it to the Desktop.
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
3. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
4. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
5. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.
6. Also, please attach the file named perms that is located on your desktop.

 

[Lanneret]

As requested:

Fix result of Farbar Recovery Scan Tool (x64) Version: 12.05.2018
Ran by dbridges (12-05-2018 10:12:20) Run:1
Running from C:\Users\dbridges\Desktop
Loaded Profiles: dbridges & AdminX & test_user & Administrator (Available Profiles: dbridges & AdminX & test_user & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
cmd: icacls C:\windows\System32\SearchIndexer.exe
cmd: icacls c:\windows\System32 /save %userprofile%\desktop\perms
*****************


========= icacls C:\windows\System32\SearchIndexer.exe =========

C:\windows\System32\SearchIndexer.exe: Access is denied.
Successfully processed 0 files; Failed processing 1 files

========= End of CMD: =========


========= icacls c:\windows\System32 /save %userprofile%\desktop\perms =========

processed file: c:\windows\System32
Successfully processed 1 files; Failed processing 0 files

========= End of CMD: =========


==== End of Fixlog 10:12:20 ====

 

[Sysnative Windows Update]

This is a tough one.

1. Download Process Explorer from here
2. Open Process Explorer, running as administrator.
3. On the toolbar, find the gunsight icon on the right (shown highlighted in the figure shown below).
4. Drag the icon and drop it on C:\windows\System32\SearchIndexer.exe that is locked.
5. The executable that is using the file will be highlighted in the Process Explorer main display list.

Let me know which executable is identified.