
What is the /%0D/ stuff in the log all about?

Are /%0D/ log entries some exploit?


icpix

11:52 am on Mar 17, 2005 (gmt 0)




Now seen several bursts of these in the logs. All connected to Colorado (USA). What are they trying to do!? And how to avert it? I dislike not being able to fix Error 404 entries ;~/

www.mysite.co.uk 128.138.124.*** - - [17/Mar/2005:06:26:13 +0000] "GET /%0D/ HTTP/1.1" 404 208 "-" "-"
www.mysite.co.uk 128.138.124.*** - - [17/Mar/2005:06:26:13 +0000] "GET /%0D/ HTTP/1.1" 404 196 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
www.mysite.co.uk 128.138.124.*** - - [17/Mar/2005:06:26:13 +0000] "HEAD /%0D/ HTTP/1.1" 404 0 "-" "-"

sitz

1:47 pm on Mar 17, 2005 (gmt 0)




It's a percent-encoded hexadecimal, which Apache will convert into an actual character when processing. Checking ascii(7) (or ascii(5) on Solaris; yay standardization):


Oct  Dec  Hex  Char
--------------------------
000  0    00   NUL '\0'
001  1    01   SOH
002  2    02   STX
003  3    03   ETX
004  4    04   EOT
005  5    05   ENQ
006  6    06   ACK
007  7    07   BEL '\a'
010  8    08   BS  '\b'
011  9    09   HT  '\t'
012  10   0A   LF  '\n'
013  11   0B   VT  '\v'
014  12   0C   FF  '\f'
015  13   0D   CR  '\r'

So, it's a '\r' character, which is a carriage return (CR). If you're getting tons of them, it could be an attempt to flood your server with invalid requests. I've seen buggy load balancers forward invalid requests similar to this when trying to protect sites from SYN attacks (no, really!), or it may just be that somewhere, a browser has lost its mind and is stuck in a loop. If this is still going on, my advice is to block the offending IP address and contact the owner of that IP address and inform them of the situation (you may wish to do that anyway; they'll want copies of the relevant portion of your access logs). If this is Linux, you can use iptables to block the IP; if it's Solaris, you can blackhole the route:

route add $bad_ip 127.0.0.1 -blackhole

...or, you could just ask your network folks (if you have network folks) to block the IP at the edge. Note that while you /could/ block this with an Apache configuration, that won't stop Apache from having to process the request, so you don't really save much.
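A small log scanner for this kind of entry, added here as an example and not code from the thread: it decodes the percent-encoded request path of each Apache-style log line and reports any client whose paths decode to control characters such as CR (%0D) or LF (%0A), so bursts like the ones above can be spotted and the source address handed to whoever does the blocking. The hostname, addresses and log lines are constructed placeholders modelled on the format quoted in the thread.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in the vhost-prefixed combined format quoted in the
# thread; hostname and addresses are placeholders, not real hosts.
SAMPLE_LOG = """\
www.example.invalid 203.0.113.10 - - [17/Mar/2005:06:26:13 +0000] "GET /%0D/ HTTP/1.1" 404 208 "-" "-"
www.example.invalid 203.0.113.10 - - [17/Mar/2005:06:26:13 +0000] "HEAD /%0D/ HTTP/1.1" 404 0 "-" "-"
www.example.invalid 203.0.113.11 - - [17/Mar/2005:06:26:14 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
www.example.invalid 203.0.113.12 - - [17/Mar/2005:06:26:15 +0000] "GET /a%0Ab/ HTTP/1.1" 404 208 "-" "-"
www.example.invalid 203.0.113.13 - - [17/Mar/2005:06:26:16 +0000] "GET /caf%C3%A9/ HTTP/1.1" 200 120 "-" "-"
"""

# Virtual host, client address, two ident/user fields, timestamp, then the
# quoted request line split into method and path.
LINE_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*"'
)


def control_chars(path: str) -> list[str]:
    """Return the C0 control characters (and DEL) the percent-encoded path decodes to.

    Ordinary non-ASCII escapes such as %C3%A9 decode to printable text and are
    not reported; only bytes below 0x20, or 0x7F, count.
    """
    decoded = unquote(path, errors="replace")
    return [c for c in decoded if ord(c) < 0x20 or ord(c) == 0x7F]


def scan(log_text: str) -> dict[str, list[str]]:
    """Map each client address to repr() of the control chars seen in its request paths."""
    hits: dict[str, list[str]] = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or unrelated line; skip rather than guess
        ctrl = control_chars(m.group("path"))
        if ctrl:
            hits.setdefault(m.group("ip"), []).extend(repr(c) for c in ctrl)
    return hits


if __name__ == "__main__":
    for ip, chars in scan(SAMPLE_LOG).items():
        print(f"{ip}: control characters in request path: {', '.join(chars)}")
```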

icpix

2:10 pm on Mar 17, 2005 (gmt 0)




Thank you for that comprehensive reply, you've helped me no end ;~) My server is not currently being overloaded by this, or by anything else for that matter. However, anything (like this) that appears impervious to normal shutout/blocking routines has me slightly worried... i.e. should it escalate for some reason. I'm treating it as merely weird for the moment and keeping it under observation!