What the hell is wrong with M$ paint?

Name: 4tran 2010-01-20 3:23

Every time I try to save something in Paint, it tries to connect to some random IP, e.g. 69.94.107.14, though the last number varies slightly (~10-50). It would be less annoying if it didn't take 5 minutes for Paint to do this. Strangely, nothing irregular happens if I pull my network cable. Any idea what's going on? That IP doesn't seem very suspicious.

Is there a default copy of mspaint.exe I can compare with?

Thanks for your thoughts,
inb4 trojan

Name: Anonymous 2010-01-20 6:46

>>9
Some AVs might do the job, but only if it's a known threat. I can't say much about them as I never use them myself. I just pop it up in a debugger and see what it does and if it's bad or not. Let me try and do something more newbie friendly which doesn't require knowledge of internals:
1) Run HijackThis, post log.
2) Run GMER, all settings on, post log.
3) Run Memoryze and generate a log.
4) You may also post a sample of MS Paint, if you suspect the executable has been infected (this might not be the case, if some other process injects code into MS Paint at runtime).
Or don't do any of those as this is not /prog/-related.
OP, how do you know it tries to connect to some place when you use MS Paint, and how did you confirm this? Can you reproduce this unusual behaviour?
HIBMMT?
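
Added example, not part of either post: a PowerShell check for the two cases the reply distinguishes (a modified mspaint.exe on disk versus code loaded into the Paint process at runtime), plus a listing of the remote addresses the Paint process itself holds open. It assumes an elevated PowerShell 5.1 session on a current Windows with classic Paint running; `$reference` is a hypothetical path to a copy of mspaint.exe taken from a clean machine on the same Windows build.

```powershell
# Added example: run elevated while Paint is open, ideally while the save is stalled.
$paint = Get-Process -Name mspaint -ErrorAction SilentlyContinue
if (-not $paint) { Write-Warning 'mspaint is not running'; return }

# 1. Remote endpoints owned by the Paint process itself (not by some other process).
$local = '0.0.0.0', '::', '127.0.0.1', '::1'
Get-NetTCPConnection -OwningProcess $paint.Id -ErrorAction SilentlyContinue |
    Where-Object { $_.RemoteAddress -notin $local } |
    Select-Object OwningProcess, RemoteAddress, RemotePort, State

# 2. Is the binary on disk the one Windows shipped?
$exe = $paint | Select-Object -First 1 -ExpandProperty Path
Get-AuthenticodeSignature -FilePath $exe |
    Select-Object Status, @{ n = 'Signer'; e = { $_.SignerCertificate.Subject } }

# Compares the file against the Windows component store (protected system files only).
sfc.exe "/verifyfile=$exe"

# Optional byte-for-byte comparison with a known-clean copy.
# Hypothetical path: the copy must come from the same Windows build and patch level.
$reference = 'D:\clean\mspaint.exe'
if (Test-Path -LiteralPath $reference) {
    $a = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
    $b = (Get-FileHash -LiteralPath $reference -Algorithm SHA256).Hash
    if ($a -eq $b) { 'mspaint.exe matches the reference copy' }
    else           { Write-Warning 'mspaint.exe differs from the reference copy' }
}

# 3. Modules loaded into Paint that are unsigned or not signed by Microsoft.
#    Third-party shell extensions pulled in by the Save dialog show up here too.
$paint.Modules |
    ForEach-Object { Get-AuthenticodeSignature -FilePath $_.FileName } |
    Where-Object { $_.Status -ne 'Valid' -or
                   $_.SignerCertificate.Subject -notmatch 'Microsoft' } |
    Select-Object Path, Status, @{ n = 'Signer'; e = { $_.SignerCertificate.Subject } }
```

Step 3 only sees modules mapped from files; code written directly into the process's memory has no file behind it, which is the case the GMER and Memoryze logs are meant to cover.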
