I used Everything, a nice file finder, which found only two entries, both dated 16July2016; the first one ends thus: `d1512fab13'. Is that meaningful?
Okay so I once had a bad reparse point on a system, a few years ago, and remember I manually found it and removed it.
Do me a favor and try this:
Using Agent Ransack, search C:\ for the first one: cmitrust.dll
My system found four, one of which is the one listed in your RKILL log.
Hover your mouse over that one and right-click, selecting Properties.
Now put your mouse cursor into the Location, and use the right arrow on the keyboard to go through the entire path. Stop when it gets to the end ("...d239dd") and see if there is anything further.
Is there anything past where it should end? I can't recall what the reparse point looked like in my system.
That seems a bit scary, but your suggestion of asking at Bleeping Computer seems to be a good one.
If there is something further in the Location, that is the reparse information. Seems to me, I recall removing that remaining information and it got rid of the reparse point. Since you have an image from a few days ago to fall back on, you could try this. (EDIT: I am not sure that this is the correct method, but it seemed to work for my system.)
The other option I can suggest is Tweaking.com. I read from the developer in 2015 he intended to put a "reparse fix" in his tool.
Now, a word of warning: if you use this tool, ONLY use the reparse portion of it - nothing else. People have totally borked their systems doing everything at once. If you would feel more comfortable, start a thread at Bleeping Computer, post your RKILL log, and ask for assistance using the tool. Like I said, I have not used it, and so can offer no guidance, but their people are trained on everything they offer for downloads, so someone there will be able to guide you through it. If you decide to go this route, please post the link here to your thread, so we can watch it.
Tweaking.com - Windows Repair Free/Pro
I'm wondering if a good-old-fashioned CHKDSK would detect and possibly fix any broken reparse points?
It would need to be run from an elevated command prompt, and I suggest starting by just running CHKDSK with no options and seeing what it says - copy and paste back here perhaps?
In Everything the user would have to Exclude showing hidden files, as it's on by default. It will find ANY file anywhere, if it's allowed to.
Please do try that @Not Myself.
In case you did not notice, I don't know much about Macrium; in fact, all I have ever done with it is to set it up and let it run backups. I don't even know what restoring that image would do; that is, just how much it would restore.