I recently ran FSS on my PC and noticed a few files that did not have legitimate MD5 hashes. Below is the full FSS log:
Farbar Service Scanner Version: 27-06-2013
Ran by Trevor (administrator) on 18-08-2013 at 12:42:58
Running from "C:\Spike's Files\OpSec"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
Localhost is accessible.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Firewall Disabled Policy:
System Restore Disabled Policy:
Windows Autoupdate Disabled Policy:
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
[2013-08-17 11:40] - [2013-07-06 02:03] - 1910208 ____A (Microsoft Corporation) DB74544B75566C974815E79A62433F29
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
[2013-08-17 11:41] - [2013-07-09 01:46] - 0184320 ____A (Microsoft Corporation) 6B400F211BEE880A37A1ED0368776BF4
C:\Program Files\Windows Defender\MpSvc.dll
[2013-07-11 22:22] - [2013-05-27 01:50] - 1011712 ____A (Microsoft Corporation) 7CBB1D4D13DC62D7F529D87151FD3CD3
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
Note, I have run AdwCleaner, TDSS, MBAM, MBAR regularly on this computer with no malware found going back months (in addition to passive AV and firewall programs). However, I did have an incident a few weeks back when upon turning on the computer I got an error message stating that the 'device could not be read' (I.e. the hard drive could not be accessed). I used Windows Repair to fix the problem(s) and was able to run the computer normally. In addition, after running FSS today I ran 'sfc /scannow' in the command prompt with admin privileges but it found no issue(s).
Thank you for your help.