I got this detection by MBAM on my XP machine yesterday:

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe (Security.Hijack) → Quarantined and deleted successfully.

I think this is the filename for AIS firewall service. Thing is, I uninstalled avast firewall about three months ago.

Scans by avast, MBAM and SAS all show clean now.

Any ideas?
Thanks

For what it was worth I would have left the original topic where it was and not created a new topic.

I would have left it alone (ignored) and reported it as a false positive to MBAM, which it clearly is, for a security application to be considered a security.hijack.

• MBAM False Positive reporting - http://forums.malwarebytes.org/index.php?showforum=42.

Thanks David.

That was my first thought - but a google search couldn’t find anyone else reporting the same issue, when I might have expected thousands given the popularity of the products.

As I said, I actually uninstalled avast firewall about three months ago - so perhaps I have an old leftover registry key that didn’t uninstall, and that explains my solitary detection?

Well as said, FP, nothing else. Run the avast removal tool if you want to make sure there are no drivers and other leftovers left.

Yes - next time I see an interesting beta that I want to try I’ll run aswclear before installing.
Thanks