DavidR
5
Well I have no idea why this toolhelp32.exe would need to access this site/IP 89.187.53.210 and presumably set a cookie; something I would consider suspicious.
Avast obviously considers this IP (in Moldova, see image) malicious and so woul I given that it is being accessed from a file in the system32 folder.
Whilst you have googled the toolbox32.exe file name and get results saying it is essential, I also see hits that say it has been associated with cracks and possibly malware. However, the file name in the alert is toolhelp32.exe not toolbox32.exe of the topic title.
Find this toolhelp32.exe file and right click on it and see what information it has, e.g. company name, application name, etc. ?
Check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page.
If you haven’t already got this software (freeware), download, install, update and run it and report the findings (it should product a log file).
Don’t worry about reported tracking cookies they are a minor issue and not one of security, allow SAS to deal with them though. - See http://en.wikipedia.org/wiki/HTTP_cookie.