[psiAlpha]

There's a startup program that I have disabled that's very suspicious. It's called JDstart. I scanned it online with VirusTotal, here are the results:

a-squared 4.5.0.24 2009.09.03 -
AhnLab-V3 5.0.0.2 2009.09.02 -
AntiVir 7.9.1.7 2009.09.02 -
Antiy-AVL 2.0.3.7 2009.09.02 -
Authentium 5.1.2.4 2009.09.03 -
Avast 4.8.1335.0 2009.09.02 -
AVG 8.5.0.409 2009.09.02 -
BitDefender 7.2 2009.09.03 -
CAT-QuickHeal 10.00 2009.09.02 -
ClamAV 0.94.1 2009.09.03 -
Comodo 2173 2009.09.03 -
DrWeb 5.0.0.12182 2009.09.02 -
eSafe 7.0.17.0 2009.09.02 -
eTrust-Vet 31.6.6717 2009.09.02 -
F-Prot 4.5.1.85 2009.09.01 -
F-Secure 8.0.14470.0 2009.09.03 -
Fortinet 3.120.0.0 2009.09.03 -
GData 19 2009.09.03 -
Ikarus T3.1.1.68.0 2009.09.03 -
Jiangmin 11.0.800 2009.09.02 -
K7AntiVirus 7.10.834 2009.09.02 -
Kaspersky 7.0.0.125 2009.09.03 -
McAfee 5729 2009.09.03 -
McAfee+Artemis 5729 2009.09.03 Artemis!BFCE939704BA
McAfee-GW-Edition 6.8.5 2009.09.03 Heuristic.BehavesLike.Win32.Dropper.H
Microsoft 1.5005 2009.09.02 -
NOD32 4390 2009.09.02 -
Norman 2009.09.02 -
nProtect 2009.1.8.0 2009.09.02 -
Panda 10.0.2.2 2009.09.02 -
PCTools 4.4.2.0 2009.09.02 -
Prevx 3.0 2009.09.03 -
Rising 21.45.14.00 2009.09.01 -
Sophos 4.45.0 2009.09.03 -
Sunbelt 3.2.1858.2 2009.09.02 -
Symantec 1.4.4.12 2009.09.03 -
TheHacker 6.3.4.3.396 2009.09.03 -
TrendMicro 8.950.0.1094 2009.09.02 -
VBA32 3.12.10.10 2009.09.03 -
ViRobot 2009.9.2.1914 2009.09.02 -
VirusBuster 4.6.5.0 2009.09.02 -
Additional information
File size: 174147 bytes
MD5...: bfce939704ba7bc2aaa9e922e9dc4c79
SHA1..: 1d27af17ac3439f63a4d7d41097a81bbe45f37fe
SHA256: 98e6d75bfc643962018d74a7fc99bb45d255634677d97c4f09438c5f3b7597d5
ssdeep: 3072:8YL0xqfjyDymJZiYcovIzqyPo40BEglYtg5mgTtHj5L3HiOZFm:8oBtLovI
qyPo40BTlY+5PLHikFm
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x30f1
timedatestamp.....: 0x494ce7e5 (Sat Dec 20 12:41:09 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5c3c 0x5e00 6.44 ca314b02a65f7cd556e9938ef6148f5e
.rdata 0x7000 0x129c 0x1400 5.05 165e3e874dc59c8a96748c6f4d0f4207
.data 0x9000 0x25c58 0x400 4.80 28b2755506618890839c0d0306912643
.ndata 0x2f000 0x9000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x38000 0x64e0 0x6600 5.96 4c65e509e49d004098a954a018a0a6c0

( 8 imports )
> KERNEL32.dll: CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, GetWindowsDirectoryA, SetFileTime, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetTempPathA
> USER32.dll: EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
> GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
> SHELL32.dll: SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
> ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
> COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create
> ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
packers (F-Prot): NSIS


I would like to know what it is and if there are other files in my computer that are related to this one.