Suspicious DNS queries



PNSWDV
2008-03-28, 23:13
While debugging some problems with a VPN using a packet sniffer I noticed some suspicious DNS queries. I have managed to determine that these queries only occur the first time a client connection to a VPN server is made after booting.

Within the first 30 seconds after the VPN is established, my computer issues DNS queries for "www.sexcluster.com", "www.dvd-explorer.com" and "tgp.collegebadgirls.com". The DNS server replies with IP addresses for these sites. Continuing to monitor the network does not show any traffic between my computer and these addresses, although I may not have monitored long enough.

I have another PC which shows the same behavior, but with different porno website names. Again, I only see DNS lookups, no traffic.

My other 3 PCs on my LAN do not exhibit this behavior, so it is apparently not infectious.

SpyBot 1.5.2 does not report any problems. I ran the beta rootkit tool and it also shows no problems. AVG antivirus 7.5.519 does not report any problems. I've deleted all IE cookies, but the behavior persists.

Does this sound like a virus/spyware to you?

Thanks for your help, and also for your great SpyBot product!
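
The check described in the post above, sketched as an added example that is not part of the original post: it takes a summarized capture, finds names resolved within 30 seconds of VPN establishment, and reports those whose answer addresses never received traffic during a chosen watch period. The event format, the function name `lookups_without_traffic`, the host names and the addresses are all constructed assumptions.

```python
from ipaddress import ip_address

# Constructed capture summary (not data from the post):
# (seconds since boot, event type, fields). Addresses are RFC 5737
# documentation ranges and the names are placeholders.
EVENTS = [
    (100.0, "vpn_up", {}),
    (104.2, "dns_answer", {"name": "site-a.example", "addrs": ["192.0.2.10"]}),
    (109.8, "dns_answer", {"name": "site-b.example",
                           "addrs": ["192.0.2.20", "192.0.2.21"]}),
    (115.0, "dns_answer", {"name": "mail.example", "addrs": ["198.51.100.5"]}),
    (115.4, "flow", {"dst": "198.51.100.5"}),
    (190.0, "dns_answer", {"name": "late.example", "addrs": ["203.0.113.9"]}),
    (400.0, "flow", {"dst": "192.0.2.21"}),
]

def lookups_without_traffic(events, window=30.0, watch=120.0):
    """Names resolved within `window` seconds after a vpn_up event whose
    answer addresses saw no flow in the `watch` seconds after the answer."""
    vpn_times = [t for t, kind, _ in events if kind == "vpn_up"]
    flows = [(t, ip_address(f["dst"])) for t, kind, f in events if kind == "flow"]
    report = []
    for t, kind, fields in events:
        if kind != "dns_answer":
            continue
        if not any(0 <= t - up <= window for up in vpn_times):
            continue  # lookup is not tied to VPN establishment
        addrs = {ip_address(a) for a in fields["addrs"]}
        contacted = any(t <= ft <= t + watch and dst in addrs
                        for ft, dst in flows)
        if not contacted:
            report.append(fields["name"])
    return report

if __name__ == "__main__":
    # A short watch period reports site-b as lookup-only; a longer one
    # catches the late connection to one of its addresses.
    print(lookups_without_traffic(EVENTS))
    print(lookups_without_traffic(EVENTS, watch=600.0))
```

A name that appears in the short-watch report but not in the long-watch one is a lookup that was followed by traffic only later, which is the case the poster's "may not have monitored long enough" remark leaves open.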