boot time scan, unable to find the source

I'm running Windows 7 Ultimate x64, I see what looks like a boot time scan screen between the Windows Logo screen and Login screen.

It's on the screen very briefly, too quick to read properly.

I was running Vipre Beta + Prevx with MBAM on demand.
Vipre ran a scheduled scan on Sunday and said a condition occurred that required a reboot, all the scan had detected was a few cookies. I rebooted and it ran a boot time scan, it didn't find the files.

I've removed the Vipre beta yesterday, but it made no difference.

I had also installed Hitmanpro a few days before and have removed it today trying to find the source. I might add the hitmanpro uninstall leaves many files and some registry keys behind.

Any ideas how to find out the source?

Edit:
I just found SBBD.exe in Windows/system32

And this in the registry:
PDBoot.exe
autocheck autochk *
SBBD.exe /d \Device\HarddiskVolume1\Program Files (x86)\Sunbelt Software\VIPRE\Definitions

 

I don't believe VIPRE's boot time scanner could run after VIPRE has been uninstalled as it has no definitions or other components. We also haven't seen any other reports of this previously. As this is a beta I suppose anything is possible so it would be a good idea to double check. As you noticed, sbbd.exe is located in system32. You can try renaming this file and see if this resolves the problem. If the boot time scanner were set to run you could also edit a value in the registry to prevent it from running. Look in the location in the registry where the boot time cleaner is registered, and remove the entry for sbbd.exe:

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager

ValueName - BootExecute

Note that this is a multi-string value, so remove only the section that refers to sbbd.exe.

 

Thanks Nick, that has solved it.

I deleted sbbd.exe and removed the registry reference to it.

As far as I could see it was trying to run, but failing. I should also mention it was doing that while Vipre was still installed too.

 

Thanks for letting me know. I'll let the beta team know so they can look into this.

 

Cybergary,

I just wanted to let you know that I also looked into what could cause the boot time scanner to be run when only cookies were detected. I was able to reproduce this once I had installed Prevx alongside VIPRE. Prevx apparently has an option to protect cookies. When this option is enabled this will cause VIPRE to be unable to remove the cookies and require a boot time scan to complete the removal. Disabling this option in Prevx will prevent the boot time scan from being necessary. If another software you were using is also protecting cookies this could also cause this problem.