Spotted it today, a dg834g netgear router was accessed by some malicious
software which followed a limewire download. The software logged onto the
router (using default password) and changed dns settings from automatic to a
set of manual addresses.

The consequence was, of say a google search, any link had a results5 prefix.

The standard fix for results5 infections was the tdds killer etc, of course
no good here as the source of the problem was hte router.

removed the dns addresses, changed the password on the router and flushed
the dns cache of the connected machines.

First time come across this.