Clean Windows 7 system

Unfortunately, at a Senior Moment time, I did properly the stupidest thing one could image by allowing what I believed to be a "valid" call from Windows Live Team to fix problems on my PC.
I've managed to change most of my user names and passwords and have discontinued any online financial activities. However, I am unsure if my Win 7 machine is cleaned. Every time Windows launches I am now required to enter in a password (this small app came from the Windows Live Team and I need to delete it somehow), I have scanned my system for viruses and malware and removed Team Viewer for now. I do have a backup prior to all this that is safe. I thought I had an image also but I did not prepare that correctly (my fault). Is there any software that will scan my system and clean it of any intrusion software still lingering? If run CCLeaner as well as Hitman also. Help here would be greatly appreciated in hopes of not having to wipe the system and start over.
Frank FreeseAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

If you ran a normal antivirus and antimalware scan and found no baddies I suggest your system is clean.  

DO NOT use CCleaner.

"(this small app came from the Windows Live Team and I need to delete it somehow),
I do not understand.  What "small app"?
If you mean Team Viewer look in Control Panel|Programs and Features?  If it is in the list you should be able to right click|Uninstall.

Otherwise use Revouninstaller.

However, I see no reason to think Team Viewer is malware

Maybe someone else phoned you.
Frank FreeseAuthor Commented:
I have not located the small app I referenced. It runs some time when Windows 7 is launching but before I log in. Is there something in the registry where that could be? I simply uninstalled TeamViewer for now.
Run AutoRuns to try to find that app.
IT Pros Agree: AI and Machine Learning Key

We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.

JohnBusiness Consultant (Owner)Commented:
I suggest the following in addition.

Remove Internet Explorer (Programs and Features, Windows Features). Restart after this.
Run SFC /SCANNOW from an admin command prompt twice. Exit from SFC.
Do a FULL scan with your own anti virus software - could take 90 minutes or more. Delete quarantined items.
Download and install Malwarebytes from Let MBAM run until done (90 minutes or more). Delete quarantined items. MBAM will ask to restart to complete the cleanup and so do that. It will start up again. Let it finish and delete what it tells you.

Now go back to Windows Feature, add back IE, and restart.

Are you getting the pop up after these steps.
Frank FreeseAuthor Commented:
I'll look at this tomorrow -  thanks
in such cases - backup what you can and do a fresh install - and be sure to delete all partitions before reinstalling; here a guide for W7 install :

if you want to be absolutely sure the disk is clean - run dban on the drive
The way these bogus "Windows Support" telephone calls usually work is that somebody (often with a strong Indian accent) tells you that you that they have been monitoring your computer and they have detected malware.  They instruct you to go to the Team Viewer website, download Team Viewer and install it, then enter a password and divulge it to them so that they can remotely access your computer.  Once connected, they either run a bogus malware program that shows hundreds of fake red "detections", or they open the Windows Event Viewer window which invariably contains loads of yellow exclamation or red X errors against odd named processes that are quite normal for any Windows PC.

Once they have you suitably alarmed, they ask you to pay something like $300 to "fix" your computer.  If you don't immediately cough up your bank details, they will try to wreck your computer by running various commands, deleting essential folders, encrypting your files and trying to hold you to ransom to get them unencrypted, and so on.  If you provide your bank details to pay them, they often take the opportunity to install malicious software and fiddle around pretending to run a malware scan and removal.

There is an audio podcast by the security company Sophos here:

More info here:

So, in the end, you have little way of knowing what data they may have acquired or tampered with, what programs they may have changed, deleted, or installed, and you have no real way (unless you are quite a technically minded person) of knowing whether they can return and connect with your PC again.  Unless you cancel all your bank accounts or put blocks on them, you risk having more money drawn from it.

It could be that the only thing left on your computer is Team Viewer, but on the other hand it could now be riddled with loads of nasty programs.  The best option is to backup your personal files to another drive where they can be scanned for viruses, then wipe the drive and reinstall Windows from scratch.  Anything less than that is risky.
Try a System Restore to a time before any of this started.
You have nothing to lose.

What happens when you login with the password the "small app" requires?  Can you post a screen shot of the log in window?
Frank FreeseAuthor Commented:
Only system restore was after the event.
I need to think of a way to make a screen shot.
use a camera !
but i fear you'll loose much time trying all possible suggestions - and end up with a fresh install, as i suggested
A Repair Install is a little less painful to recover from compared to a fresh install.  You should not lose personal data or installed programs.
Frank FreeseAuthor Commented:
Here's the startup message, if that helps
startup message
Thanks for the screenshot.
It does look as if you still have some malware.   It involves SysKey.
Section 6 of this reference suggests a way to remove the need for the password.

What happens when you enter the normal windows password?
It is strange that your friend is not getting any ransom message.

If no help remember Repair Install.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Frank FreeseAuthor Commented:
They gave me the password. It is not normal windows password
I actually stop them before they could complete everything.
Frank FreeseAuthor Commented:
A lot of great help here. jcmarron solution solved my log in problem so I'm going to go with his solution. Again, thanks to all
Frank FreeseAuthor Commented:
thank you kindly
You are welcome
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 7

From novice to tech pro — start learning today.