A few people have posted over at Castle Cops about this site generating an alert from NOD 32, hXXp://www.doodling.org.uk/startups/bad_startupsall.htm. You can see the talk at Castle Cops here. There's a link to a screen shot of the alert a few posts into the topic. I've submitted the file to Eset using the internal submit for analysis in NOD 32. The alert is listed as a BAT/generic trojan, which sounds like a heuristic detection. Thanks for looking into this.