If you have ProcessExplorer, maybe grab a stack trace and see where the request originated from?  Run Fiddler2 in MITM-attack mode and see what it's sending?

It's possible that it's not the official client technically making this connection anyhow, perhaps there is a DLL inside the process that is initiating this action.  Your anti-virus/anti-adware up to date?