
What the hell is wrong with M$ paint?

Name: 4tran 2010-01-20 3:23

Every time I try to save something on paint, it tries to connect to some random IP, e.g. 69.94.107.14, though the last number varies slightly (~10-50). It would be less annoying if it didn't take 5 minutes for paint to do this. Strangely, nothing irregular happens if I pull my network cable. Any idea what's going on? That IP doesn't seem very suspicious.

Is there a default copy of mspaint.exe I can compare with?

Thanks for your thoughts,
inb4 trojan

Name: Anonymous 2010-01-20 4:06

>>4
If your box is already owned by something, it's not hard for some malicious code to inject itself into any random application at runtime. Most of the time the code can reside in any application, such as services and code which runs as SYSTEM. Why it would choose MS Paint, I wouldn't know. It wouldn't be hard for me to debug such an issue if I had access to your system live, but this is hardly /prog/-related. If you have no idea what to do, you could go to /g/ which will probably tell you to delete SYSTEM32, or if you know what to do, go get a usermode debugger, attach it to MS Paint, set a few breakpoints on the network access APIs, or scan the memory for possible executable code which does not belong to any module, and investigate from there.

tl;dr: not /prog/-related
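
The memory scan suggested in the reply above, sketched as an added example that is not part of the original thread: it walks a process with `VirtualQueryEx` and keeps committed, executable regions that are not image-backed, i.e. code that does not belong to any loaded module. It assumes Windows and Python with `ctypes`; the names `Region`, `unbacked_executable`, `query_regions` and the `SAMPLE` data are constructed for illustration.

```python
import ctypes, sys
from collections import namedtuple

MEM_COMMIT = 0x1000      # State: pages are actually backed by memory
MEM_IMAGE = 0x1000000    # Type: mapped from an EXE/DLL image section
EXEC_MASK = 0x10 | 0x20 | 0x40 | 0x80   # any PAGE_EXECUTE* protection
Region = namedtuple("Region", "base size state protect type")

class MBI(ctypes.Structure):  # MEMORY_BASIC_INFORMATION
    _fields_ = [("BaseAddress", ctypes.c_void_p), ("AllocationBase", ctypes.c_void_p),
                ("AllocationProtect", ctypes.c_uint32), ("RegionSize", ctypes.c_size_t),
                ("State", ctypes.c_uint32), ("Protect", ctypes.c_uint32),
                ("Type", ctypes.c_uint32)]

def unbacked_executable(regions):
    """Keep committed, executable regions that no loaded module backs."""
    return [r for r in regions
            if r.state == MEM_COMMIT and r.protect & EXEC_MASK and r.type != MEM_IMAGE]

def query_regions(pid):
    """Enumerate a live process's regions with VirtualQueryEx (Windows only)."""
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.OpenProcess.restype = ctypes.c_void_p
    k32.OpenProcess.argtypes = [ctypes.c_uint32, ctypes.c_int, ctypes.c_uint32]
    k32.VirtualQueryEx.restype = ctypes.c_size_t
    k32.VirtualQueryEx.argtypes = [ctypes.c_void_p, ctypes.c_void_p,
                                   ctypes.POINTER(MBI), ctypes.c_size_t]
    k32.CloseHandle.argtypes = [ctypes.c_void_p]
    handle = k32.OpenProcess(0x0400, False, pid)  # PROCESS_QUERY_INFORMATION
    if not handle:
        raise ctypes.WinError(ctypes.get_last_error())
    regions, addr, mbi = [], 0, MBI()
    try:
        while k32.VirtualQueryEx(handle, addr, ctypes.byref(mbi), ctypes.sizeof(mbi)):
            base = mbi.BaseAddress or 0
            regions.append(Region(base, mbi.RegionSize, mbi.State, mbi.Protect, mbi.Type))
            addr = base + mbi.RegionSize  # next region starts where this one ends
    finally:
        k32.CloseHandle(handle)
    return regions

# Constructed sample regions (not taken from a real process).
SAMPLE = [Region(0x1000000, 0x35000, 0x1000, 0x20, 0x1000000),  # image-backed code
          Region(0x2A0000, 0x1000, 0x1000, 0x40, 0x20000),      # private, RWX
          Region(0x3B0000, 0x10000, 0x1000, 0x04, 0x20000),     # private, RW heap
          Region(0x7F0000, 0x2000, 0x1000, 0x20, 0x40000)]      # mapped, executable

if __name__ == "__main__":  # usage: python scan.py <pid>; no pid scans SAMPLE
    found = query_regions(int(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for r in unbacked_executable(found):
        print(f"{r.base:#x} size={r.size:#x} protect={r.protect:#x} type={r.type:#x}")
```

A hit is a lead to inspect in the debugger, not a verdict: JIT runtimes also allocate private executable memory legitimately.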
