Occasional Visitor
samuraiguy
Posts: 1
Registered: ‎01-18-2012

searchdiscovered.com redirect removal?

One of my Macs has had both Safari and Firefox affected by something that redirects many urls to a page on searchdiscovered.com that says it is the page you are looking for. It happens for google.com and also facebook.com - not all the time though. Other sites don't seem to be affected. Does Sophos know about this and does MacHomeAV deal with it?

Employee
Agile
Posts: 1,191
Registered: ‎11-02-2010

Re: searchdiscovered.com redirect removal?

There are a number of ways this could be accomplished, some of which we detect via MacHomeAV and some we don't.

The first things to check are:

  1. Do you have a proxy set in your Safari preferences?
  2. Open your /etc/hosts file in a text editor... it should not have anything mentioning google or searchdiscovered in it.
  3. Check your DNS settings in System Preferences->Network->(your network: Ethernet or Wi-Fi)->DNS Server.  OSX/RSPlug and OSX/DNSCha both change the DNS server from one supplied by your ISP to a malicious server that shapes and directs your traffic how THEY want.

It is also possible (especially if your DNS settings point to 10.x.x.x or 192.168.x.x) that an attacker has gone after your network firewall/router, and not your computer.  In this case, you should log on to the device as administrator, check that the device's DNS settings point to the right place (your ISP's DNS servers, Google's DNS servers, or OpenDNS's servers, for example), and if they don't, then change them back, change the admin password on the device, and ensure that the device cannot be administered from the internet.

There are many other ways this can be done as well, including replacing your default search page, your default home page, patching the browsers themselves, etc.

-
Andrew
Threat Researcher
SophosLabs
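
The three checks listed in the reply above, written as a read-only shell script for macOS. This is an added example, not part of the original posts and not Sophos tooling; the function names `suspicious_hosts`, `classify_dns` and `report` are chosen here for illustration.

```shell
#!/bin/sh
# Added example: read-only checks for the three items listed in the reply.

# Print active (non-comment) hosts entries naming google or searchdiscovered.
# $1 = path to a hosts file. Prints nothing when the file is clean.
suspicious_hosts() {
    sed -e 's/#.*//' "$1" | grep -Ei 'google|searchdiscovered' || true
}

# Classify one DNS server address. 10.x.x.x and 192.168.x.x are the private
# ranges the reply names: DNS is then answered by a device on the local
# network (typically the router), whose own settings need checking.
classify_dns() {
    case "$1" in
        10.*|192.168.*) echo "local-device" ;;
        *)              echo "external" ;;
    esac
}

# Run all three checks. $1 = hosts file (defaults to /etc/hosts).
report() {
    echo "== hosts entries mentioning google/searchdiscovered =="
    hits=$(suspicious_hosts "${1:-/etc/hosts}")
    if [ -n "$hits" ]; then echo "$hits"; else echo "(none)"; fi

    # scutil ships with macOS; skip these checks on other systems.
    if command -v scutil >/dev/null 2>&1; then
        echo "== system proxy settings (Safari uses these) =="
        scutil --proxy
        echo "== DNS servers in use =="
        scutil --dns | awk '/nameserver\[/ {print $3}' | sort -u |
        while read -r ip; do
            echo "$ip  $(classify_dns "$ip")"
        done
    fi
}

report "$@"
```

An address reported as `local-device` means the router's own DNS settings have to be inspected as well, since the Mac only forwards its queries there.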

