I decided to do a netstat -n just to make sure things were OK, and to my surprise several connections were established from 207.68.167.159 running on port 6667 (Sub7). At that instant, I unplugged my cable from the wall and ran a trojan scan; nothing came up. So I checked again, and the connections were still there, so I went to SamSpade.org and used their "Do stuff" option for that IP. This came up:
dns 207.68.167.159


207.68.167.159 has no reverse DNS configured.



whois -h magic 207.68.167.159
Trying whois -h whois.arin.net 207.68.167.159

OrgName: Microsoft Corp
OrgID: MSFT
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US

NetRange: 207.68.128.0 - 207.68.207.255
CIDR: 207.68.128.0/18, 207.68.192.0/20
NetName: MICROSOFT-CORP-MSN-BLK
NetHandle: NET-207-68-128-0-1
Parent: NET-207-0-0-0-0
NetType: Direct Allocation
NameServer: DNS1.CP.MSFT.NET
NameServer: DNS2.CP.MSFT.NET
NameServer: DNS1.TK.MSFT.NET
NameServer: DNS1.DC.MSFT.NET
NameServer: DNS1.SJ.MSFT.NET
Comment:
RegDate: 1996-03-26
Updated: 2003-01-15

TechHandle: ZM39-ARIN
TechName: Microsoft
TechPhone: +1-425-936-4200
TechEmail: noc@microsoft.com

OrgAbuseHandle: ABUSE231-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: abuse@microsoft.com

OrgNOCHandle: ZM23-ARIN
OrgNOCName: Microsoft Corporation
OrgNOCPhone: +1-425-882-8080
OrgNOCEmail: noc@microsoft.com

OrgTechHandle: MSFTP-ARIN
OrgTechName: MSFT-POC
OrgTechPhone: +1-425-882-8080
OrgTechEmail: iprrms@microsoft.com

# ARIN WHOIS database, last updated 2003-07-03 21:05
# Enter ? for additional hints on searching ARIN's WHOIS database.

So then I checked my firewall logs and found this:
07/04/2003 01:26:00 Allowed TCP Outgoing 207.68.167.159 6667 192.168.1.100 1751 C:\Program Files\Internet Explorer\IEXPLORE.EXE 1 07/04/2003 01:24:56 07/04/2003 01:24:56 Ask all running apps

My question is, what should I do now that it doesn't show up on my trojan scanner? Try another product? And is this Microsoft that's using it, or is someone just using one of their machines as a decoy (for lack of a better term)?

Thanks in advance for any help.
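As an added example that is not part of the original post: a short Python script that parses the personal-firewall log line quoted above and checks the remote address against the CIDR blocks in the ARIN record. The field order (date, time, action, protocol, direction, remote address and port, local address and port, executable path) is an assumption inferred from the single line in the post, as is the reading that "Outgoing" means the local process opened the connection; the second, "Incoming" line is constructed for contrast and is not from the post.

```python
"""Correlate personal-firewall log lines with an ARIN whois allocation.

Added example; not code from the original post. The log field order is an
assumption inferred from the one line quoted in the post:
  date time action proto direction remote_ip remote_port local_ip local_port exe ...
"""
import ipaddress
import re

# Assumed field layout (see module docstring). The executable path may contain
# spaces, so it is matched lazily up to the first ".exe" token.
_LOG_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<direction>\w+) (?P<remote_ip>\d{1,3}(?:\.\d{1,3}){3}) (?P<remote_port>\d+) "
    r"(?P<local_ip>\d{1,3}(?:\.\d{1,3}){3}) (?P<local_port>\d+) "
    r"(?P<exe>.+?\.[Ee][Xx][Ee])\b"
)

# CIDR blocks copied from the ARIN record quoted in the post.
MSFT_CIDRS = ["207.68.128.0/18", "207.68.192.0/20"]

# First line is the one from the post; the second is constructed for contrast.
SAMPLE_LINES = [
    r"07/04/2003 01:26:00 Allowed TCP Outgoing 207.68.167.159 6667 192.168.1.100 1751 "
    r"C:\Program Files\Internet Explorer\IEXPLORE.EXE 1 07/04/2003 01:24:56 "
    r"07/04/2003 01:24:56 Ask all running apps",
    # Constructed sample: a blocked inbound connection to a local port.
    r"07/04/2003 01:30:12 Blocked TCP Incoming 10.9.8.7 40212 192.168.1.100 6667 "
    r"C:\WINDOWS\system32\svchost.exe 1 07/04/2003 01:30:12 07/04/2003 01:30:12 Block",
]


def parse_log_line(line):
    """Return a dict of fields for one log line, or None if it does not match."""
    m = _LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["remote_port"] = int(rec["remote_port"])
    rec["local_port"] = int(rec["local_port"])
    return rec


def in_allocation(ip, cidrs):
    """True if ip falls inside any of the given CIDR blocks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


def assess(rec, cidrs):
    """Observations a responder would want from one parsed record."""
    return {
        "remote_ip": rec["remote_ip"],
        "remote_port": rec["remote_port"],
        "remote_in_allocation": in_allocation(rec["remote_ip"], cidrs),
        # Assumption: an "Outgoing" entry records a connection that the local
        # process opened; an "Incoming" entry records a remote peer connecting in.
        "initiated_locally": rec["direction"].lower() == "outgoing",
        "process": rec["exe"],
        "action": rec["action"],
    }


def assess_lines(lines, cidrs):
    """Parse and assess every line that matches the assumed format."""
    results = []
    for line in lines:
        rec = parse_log_line(line)
        if rec is not None:
            results.append(assess(rec, cidrs))
    return results


if __name__ == "__main__":
    for obs in assess_lines(SAMPLE_LINES, MSFT_CIDRS):
        print(obs)
```

The useful output is the pairing of `process` with `initiated_locally` and `remote_in_allocation`: it tells you which local program opened the connection and whether the far end sits in the block that whois attributes to the organisation, which is the evidence to carry into a second scan or a process-level investigation.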