someone installed something on their pc that is causing a bunch of 'FORWARD packet died' messages to their ip in syslog on the router pc, questioned them and they're not sure what it might be, what can i do to track down whatever it might be?

sample message follows
Jun 5 14:29:47 computer kernel: FORWARD packet died: IN=eth0 OUT=eth1 SRC=64.9.216.1 DST=xxx.xxx.x.xxx LEN=1424 TOS=0x00 PREC=0x20 TTL=113 ID=31595 PROTO=UDP SPT=5004 DPT=2212 LEN=1404

whois 64.9.216.1 says "OrgName:Online Technologies Corp." some place in Ann Arbor, MI that says they're "Leading Provider of IT Disaster Recovery and Internet Infrastructure"

i can post additional information as necessary, tia
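
One way to see which internal host and port the dropped traffic is aimed at is to tally the logged packets per flow. This is an added example, not part of the original post. It assumes the router's syslog uses the "FORWARD packet died:" prefix shown above; the function names are hypothetical and the sample lines are constructed with documentation-range addresses.

```python
import re
from collections import Counter

# Constructed sample lines in the same format as the message in the post;
# addresses are documentation-range placeholders, not values from the post.
SAMPLE_LOG = """\
Jun 5 14:29:47 computer kernel: FORWARD packet died: IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=192.0.2.10 LEN=1424 TOS=0x00 PREC=0x20 TTL=113 ID=31595 PROTO=UDP SPT=5004 DPT=2212 LEN=1404
Jun 5 14:29:48 computer kernel: FORWARD packet died: IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=192.0.2.10 LEN=1424 TOS=0x00 PREC=0x20 TTL=113 ID=31596 PROTO=UDP SPT=5004 DPT=2212 LEN=1404
Jun 5 14:30:02 computer kernel: FORWARD packet died: IN=eth0 OUT=eth1 SRC=203.0.113.9 DST=192.0.2.11 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4411 DF PROTO=TCP SPT=44321 DPT=445 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 5 14:30:05 computer kernel: eth1: link up
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_line(line, prefix="FORWARD packet died:"):
    """Return the KEY=VALUE fields of one netfilter LOG line, or None."""
    _, sep, rest = line.partition(prefix)
    if not sep:
        return None  # not a line written by this LOG rule
    fields = {}
    for key, value in FIELD.findall(rest):
        # LEN appears twice (IP length, then UDP length); keep the first.
        fields.setdefault(key, value)
    return fields


def summarize(text):
    """Count packets and IP bytes per (SRC, DST, PROTO, SPT, DPT) flow."""
    packets, ip_bytes = Counter(), Counter()
    for line in text.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        flow = tuple(f.get(k) for k in ("SRC", "DST", "PROTO", "SPT", "DPT"))
        packets[flow] += 1
        ip_bytes[flow] += int(f.get("LEN", 0))
    # Busiest flows first, so the host and port drawing the traffic stand out.
    return [(flow, n, ip_bytes[flow]) for flow, n in packets.most_common()]


if __name__ == "__main__":
    for flow, n, size in summarize(SAMPLE_LOG):
        print(n, size, *flow)
```

The DST and DPT of the busiest flow point at the internal machine and local port to inspect on that PC.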