When connected to the office vpn connection user dns requests are redirected to 220.127.116.11! they are trying to access internal resources. The only workaround is to add host file entries. Lookups of genuine fqdn dns addresses still work i.e. www.bbc.co.uk
but all internal server names are sent to Kolmic.com.
There's nothing in the registry, no malware, virus etc. Users are using 4 different ISPs.