topsearchresults3.com



Diskman
2008-07-16, 17:54
I've been infected with a google search hijacker. Shortly after a google search result page comes up, all the links change from the real ones to ones pointing to topsearchresults3.com. I'm extremely careful on my system when installing apps so I don't know how it got installed - The info on the domain says it was created July 12th so it's not that old. I've run several cleaners including spybot, but nothing is catching it. What are your recommendations on finding the culprit and removing it?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:32 AM, on 7/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$TRACKIT70\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
C:\ViewPoint2\viewpoint\sgmsvp1.exe
C:\ViewPoint2\viewpoint\sgmsvp2.exe
C:\ViewPoint2\Tomcat\bin\service.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\ViewPoint2\Scheduler\updaterd.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\Program Files\X1\X1Systray.exe
C:\Program Files\X1\X1.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
C:\Program Files\X1\X1Service.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\SNAC.EXE
O23 - Service: SNWL ViewPoint Scheduler - Unknown owner - C:\ViewPoint2\viewpoint\sgmsvp1.exe
O23 - Service: SNWL ViewPoint Summarizer - Unknown owner - C:\ViewPoint2\viewpoint\sgmsvp2.exe
O23 - Service: SNWL ViewPoint WebServer - Alexandria Software Consulting - C:\ViewPoint2\Tomcat\bin\service.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: SNWL Update Manager (updaterd) - Unknown owner - C:\ViewPoint2\Scheduler\updaterd.exe
O23 - Service: Usbest Service Zero (UTSCSI) - USBest - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: vtigercrm504 - Unknown owner - C:\Program Files\vtigercrm5\apache\bin\Apache.exe (file missing)

Diskman
2008-07-17, 15:55
Malwarebyte's Anti-malware was recommended in another post so I tried it and it discovered something the others missed - google searches seem to be back to normal (past 1/2 hour) so fingers crossed, it's fixed. These are the results of the scan:

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\RichVideoCodec.dll (Trojan.FakeAlert) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\richvideocodec.videocodec (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0ef350a6-8af0-40b5-ade7-cb82fd02c3ae} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{35da02a8-1d27-43eb-8088-3210521aa154} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4b2dbc9d-7d49-48f4-8ddc-1b15415ff253} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{926a61c9-5c20-4583-aca7-ace21088816e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{926a61c9-5c20-4583-aca7-ace21088816e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\richvideocodec.videocodec.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
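The Malwarebytes log above shows the hijacker was a Browser Helper Object: a CLSID listed under HKLM\...\Explorer\Browser Helper Objects whose InprocServer32 key pointed at RichVideoCodec.dll. An added example (not from this thread or from any of the tools mentioned) that answers the first post's "finding the culprit" question by enumerating every registered BHO, resolving its CLSID to the DLL it loads, and checking the DLL's Authenticode signature; the Wow6432Node paths are assumed for 64-bit hosts and simply skipped where absent.

```powershell
# Added example (not from the thread): list registered Browser Helper Objects,
# resolve each CLSID to its DLL via CLSID\InprocServer32, and report signature status.
# Run from an elevated PowerShell so all hives are readable.

$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$clsidRoots = @(
    'HKLM:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID',
    'HKCU:\SOFTWARE\Classes\CLSID'
)

function Resolve-BhoDll {
    param([string]$Clsid)
    foreach ($root in $clsidRoots) {
        $key = Join-Path $root "$Clsid\InprocServer32"
        if (Test-Path $key) {
            # The (default) value holds the DLL path, possibly quoted or using %SystemRoot%.
            $raw = (Get-ItemProperty -Path $key).'(default)'
            if ($raw) { return [Environment]::ExpandEnvironmentVariables($raw.Trim('"')) }
        }
    }
    return $null
}

foreach ($root in $bhoRoots) {
    if (-not (Test-Path $root)) { continue }
    foreach ($sub in Get-ChildItem -Path $root) {
        $clsid  = $sub.PSChildName
        $dll    = Resolve-BhoDll -Clsid $clsid
        $status = 'DLL MISSING'
        $signer = ''
        if ($dll -and (Test-Path -LiteralPath $dll)) {
            $sig    = Get-AuthenticodeSignature -FilePath $dll
            $status = $sig.Status            # Valid, NotSigned, HashMismatch, ...
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }
        # An unsigned or unknown-vendor DLL in %SystemRoot%\system32 registered as a BHO
        # is exactly the pattern the log above shows (RichVideoCodec.dll) and deserves a look.
        [pscustomobject]@{ Clsid = $clsid; Dll = $dll; Signature = $status; Signer = $signer }
    }
}
```

Pipe the output to Format-Table -AutoSize to read it; any row whose Signature is NotSigned, or whose DLL is missing, is the one to investigate next.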

Blade81
2008-07-22, 09:56
Hi

If you still need this to be checked, post a fresh HJT log, please :)