C:\Windows\System32\ntoskrnl.exe [0] entry point in “SPINLOCK” section
C:\Windows\System32\drivers\wdfldr.sys [0] entry point in .rsrc section.
This wasn’t showing a week ago. Both files are clean of viruses that I know of. GMER crashes halfway through scanning the computer - or worse, it stalls and takes near to two million KB of memory in the Task Manager - so I’m thinking something might be up.
Did you using the latest version of gmer for both scans? Did gmer say it found possible rootkit activity? Did you update your Windows during this period?
Do both files have a valid Microsoft signature?
The excessive memory usage may indicate a memory leak. Especially because gmer has recently been released to support the 64 bits platform.
I’m using the latest version and have been. No Windows updates during that period. It’s saying it found rootkit activity but I have two reasons to doubt all is that cut-and-dry: the service it’s identified is Google Update, and the one left on my computer after a factory recover at that. It’s set to manual, won’t delete because the Google Updater service has already been uninstalled long ago. Plus, I’m using Rollback RX which is known to trigger false rootkit warnings - although none at all like these. Previous GMER scans with RbRX enabled have been clean.
Both files are signed by “Microsoft Windows Verification PCA” and counter-signed by “Microsoft Time-Stamp Service.”
Removing Rollback seems to have fixed this, although not without freaking me out post-uninstall by dumping me on a black screen with a complete line of random hex codes and refusing to proceed further into Windows until a second manual power-down. I thought the whole drive had been hosed. Stupid subsystem console must not have went out gracefully.