Suspicious behaviour: Helpctr sending to to 10.0.0.6 ??

I get this message:
Description: Suspicious Behaviour (HelpCtr.exe)
Application: C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe
Parent: C:\WINDOWS\system32\rcimlby.exe
Protocol: TCP Out
Destination: 10.0.0.6::ms-rdp(3389)
Details: C:\Program Files\MSN Messenger\msnmsgr.exe has tried to use C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe through OLE Automation, which can be used to hijack other applications.

What in the world would try to send to this IP Huh my net is 192.168.1.x all the way…
MSN messenger gives me more of thos “suspicious” messages on other IP’s too… port 1863, e.g.

And what would an Inbound Policy Violation upnp-mcast on port 1900, destination 239.255.255.250, network control rule ID5, incoming UDP from my router 192.168.1.1 be ?

Based on your other topic (Why would I trust my router (192.168.1.1) ?), I think these might be related… But, since I don’t have a router myself or even know what router you have I cannot be certain.

RCIMLBY.EXE is to do with MS Remote Assistance & MS-RDP (port 3389) is the Remote Desktop Protocol. So, these fit together… if you were running something like that (?)… the IP 10.0.0.6 might be like that because it hasn’t been set-up correctly, as that IP is an internal Private LAN IP.

MSN is… erm… potentially iffy. I think MSN can invoke RDP or something similar… it’s more of a support tool. But, unless you use RDP then you should really disable that service (Remote Desktop services) at your end.

The UPnP broadcast from your router might have either been provoked by your system (running UPnP) or perhaps thats the method that your router uses for… command & control, if you like. But, unless you use UPnP, then you should at least set it to manual.