Think I'm clean, but checking to make sure!

Discussion in 'Malware Help (A Specialist Will Reply)' started by CajunBadger, Aug 4, 2012.

  1. CajunBadger

    CajunBadger Private E-2

    I'm pretty vigilant and practice "safe computing", making use of VMware Workstation to test unknown/questionable software first. I'm using Avira Free Antivirus 2012 and MBAM Pro for protection on Windows 7 Home Premium x64 (with all current updates installed). One weak point I'll admit to is using the default Windows 7 Firewall. I'm considering installing a free firewall such as Comodo or ZoneAlarm...

    What triggered my concern was a security breach with my Live ID account. While I don't use it often nor have any personal info (contacts, email, etc) tied to it, I still was concerned. After the discovery, I changed my password, security question and made sure it didn't have alternate email addresses associated with it. Thought all was ok, but followed up with requesting a list of the IP addresses that accessed my account. I noted after my initial security changes that several strange IP addresses appeared to have logged in about a week or so later. I checked and changed everything a second time and requested a new IP log which was clean. These apparent unauthorized logins had me concerned the security issue was on my end.

    So here I am. I've run through all steps in the "READ & RUN ME FIRST MALWARE REMOVAL..." post. All came up clean from what I could see, though wasn't sure about some of the findings. RogueKiller's registry entries appear ok, but would like another opinion. Also unsure about MGTools findings... One note on the MBAM quarantine - what was found months ago and quarantined was PUP.Funmoods registry remnants I think from an accidental toolbar install.

    Sorry for the long message, but I want to be complete. I want to make sure I'm fully clean - my scans (along with other tools too) make me think so. Thoughts on what might have occurred with my Live ID account, or on my firewall situation, are also appreciated! In the back of my mind I'm wondering if I need to monitor outgoing traffic, but that might be an extreme reaction.

    Thanks much and hope I attached everything required!
     

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your logs are clean. In the future, when you want to change passwords, use a different computer.

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. You can uninstall RogueKiller and HitManPro.
    2. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista or Win 7, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    7. After doing the above, you should work through the below link:


    Malware removal from a National Chain = $149
    Malware removal from MajorGeeks = $0
     
  3. CajunBadger

    CajunBadger Private E-2

    Thanks for the review and confirmation.

    And yes, makes sense to use another pc to change the password given the chance of being infected. In this case my system was clean, so any ideas how these later logins could have occurred? As mentioned, I was concerned that something undetectable was still residing on my pc. But given no other evidence (no other accounts or passwords had been compromised or showing unusual activity), I figured it had to have been on the MSN side.

    Again thanks!
     
    Last edited: Aug 5, 2012
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Not a clue. Sorry. Has it happened again?
     
  5. CajunBadger

    CajunBadger Private E-2

    The chronology is: I noticed with my MSN Live ID account that contacts had been added (I had none at the time) and that my user nickname had been changed, so I changed my security question and password. I requested an IP log to see what IPs had logged in. I received that about 2-3 weeks after the security changes I made to combat the new contacts/nick change. It showed unknown logins about 1-2 weeks after these security changes. At that point I changed my password and security question again and requested a new IP log. It came about 10 days later and was clean. I've requested a third updated log just to be sure there truly aren't any new unknown/unauthorized logins (am still waiting for it).


    Should I even be considering trying to monitor outgoing network activity or anything like that? Unfortunately I figure it can be hard to analyse and detect unusual activity. Plus, in checking, it appears it was only the MSN Live ID profile that was compromised. And my system has always shown clean in all scans with a bunch of various malware detection tools prior to and including the scans done for this thread. So I'm leaning towards it being on the MSN side and ok on my end. I know it's difficult to answer, but I think I'm ok; I always like the pros' opinions!

    Thanks!
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    If everything is coming back clean, then I wouldn't worry about it.
     
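For anyone in CajunBadger's position who does want to answer the "should I monitor outgoing traffic" question from post 5 without a third-party firewall, the practical low-effort approach on Windows 7 is to baseline which processes talk to which public ports and then diff against that baseline later. The script below is an added example written for this thread, not something posted by CajunBadger or TimW and not part of the MajorGeeks READ ME procedure. It assumes the standard column layout of `netstat -ano` and `tasklist /FO CSV /NH`; the netstat and tasklist text embedded in it is constructed sample output, and the process names, PIDs and IP addresses in it are made up for illustration (the 6667/IRC-style connection from `updater.exe` is the planted "new" endpoint).

```python
"""Baseline-and-diff of outbound TCP connections on Windows.

Added example for this thread (not from the original posts). Parses the
output of `netstat -ano` and `tasklist /FO CSV /NH` (Windows 7 has both, no
Get-NetTCPConnection needed), keeps only ESTABLISHED TCP sessions to public
addresses, and reports (process, remote port) pairs not seen in a saved
baseline. Remote IPs change constantly (CDNs), so the baseline key is
process + port; the IP is shown for context only.
"""
import csv
import io
import ipaddress
import json
import subprocess
import sys
from collections import namedtuple

Conn = namedtuple("Conn", "proto local_ip local_port remote_ip remote_port state pid")

# Constructed sample of `netstat -ano` output (PIDs and addresses are made up).
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       708
  TCP    192.168.1.10:49712     93.184.216.34:443      ESTABLISHED     2240
  TCP    192.168.1.10:49800     8.8.8.8:443            ESTABLISHED     2240
  TCP    192.168.1.10:49913     45.76.123.9:6667       ESTABLISHED     3316
  TCP    127.0.0.1:49155        127.0.0.1:49156        ESTABLISHED     1200
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:500            *:*                                    1084
"""

# Constructed sample of `tasklist /FO CSV /NH` output (made-up processes).
TASKLIST_SAMPLE = '''"System","4","Services","0","312 K"
"svchost.exe","708","Services","0","8,100 K"
"firefox.exe","2240","Console","1","250,000 K"
"updater.exe","3316","Console","1","4,500 K"
'''


def _split_addr(addr):
    """Split 'host:port' (IPv4) or '[host]:port' (IPv6) into (host, port)."""
    host, _, port = addr.rpartition(":")
    return host.strip("[]"), port


def parse_netstat(text):
    """Parse `netstat -ano` rows into Conn records; UDP rows have no State column."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # header, blank, or 'Active Connections' line
        lip, lport = _split_addr(parts[1])
        rip, rport = _split_addr(parts[2])
        if parts[0] == "TCP":
            if len(parts) < 5:
                continue
            state, pid = parts[3], parts[4]
        else:
            state, pid = "", parts[3]
        conns.append(Conn(parts[0], lip, lport, rip, rport, state, pid))
    return conns


def parse_tasklist(text):
    """Map PID (string) -> image name from `tasklist /FO CSV /NH` output."""
    return {row[1]: row[0] for row in csv.reader(io.StringIO(text)) if len(row) >= 2}


def is_public(ip):
    """True for globally routable addresses; '*' and loopback/RFC1918 are False."""
    try:
        return ipaddress.ip_address(ip).is_global
    except ValueError:
        return False


def outbound_endpoints(conns, pid_names):
    """Set of (process, remote_ip, remote_port) for established TCP to public IPs."""
    return {(pid_names.get(c.pid, "pid:" + c.pid), c.remote_ip, c.remote_port)
            for c in conns
            if c.proto == "TCP" and c.state == "ESTABLISHED" and is_public(c.remote_ip)}


def baseline_keys(endpoints):
    """Reduce endpoints to the (process, remote_port) pairs stored as the baseline."""
    return {(proc, port) for proc, _ip, port in endpoints}


def new_since_baseline(baseline, endpoints):
    """Endpoints whose (process, remote_port) pair is absent from the baseline."""
    return sorted(e for e in endpoints if (e[0], e[2]) not in baseline)


def collect_live():
    """Run the real commands (Windows only; assumes netstat/tasklist are on PATH)."""
    ns = subprocess.run(["netstat", "-ano"], capture_output=True, text=True, check=True).stdout
    tl = subprocess.run(["tasklist", "/FO", "CSV", "/NH"], capture_output=True, text=True, check=True).stdout
    return outbound_endpoints(parse_netstat(ns), parse_tasklist(tl))


if __name__ == "__main__":
    mode = sys.argv[1] if len(sys.argv) > 1 else "demo"
    if mode == "baseline":  # python outbound_diff.py baseline  (on a known-clean day)
        with open("outbound_baseline.json", "w") as f:
            json.dump(sorted(baseline_keys(collect_live())), f)
    elif mode == "check":   # python outbound_diff.py check     (later, repeatedly)
        with open("outbound_baseline.json") as f:
            base = {tuple(k) for k in json.load(f)}
        for proc, ip, port in new_since_baseline(base, collect_live()):
            print("NEW outbound: %s -> %s:%s" % (proc, ip, port))
    else:  # offline demo on the constructed samples above
        current = outbound_endpoints(parse_netstat(NETSTAT_SAMPLE), parse_tasklist(TASKLIST_SAMPLE))
        base = {("firefox.exe", "443")}
        for proc, ip, port in new_since_baseline(base, current):
            print("NEW outbound: %s -> %s:%s" % (proc, ip, port))
```

Run it a few times on a day you believe the box is clean to build the baseline (the `baseline` mode overwrites the file, so union several runs by hand if your usage varies), then run `check` periodically; a new process name, or a known process on an unexpected port, is what deserves a look. It only sees TCP sessions that are established at the moment it runs, so it will miss short-lived beacons; for those you still need a logging firewall or continuous capture, which is the trade-off CajunBadger was weighing.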
