Can't tell you much about that proxy server. I don't see any program (that I know of off-hand) that uses that port for the loopback. I did look in previous HTJ logs and it was in those logs as well, but they were from awhile back (a couple of months).
I did a port scan from GRC (ShieldsUP) and I passed all the scans done (all marked as stealth).
I looked in ZoneAlarm and all the programs that have been ok'ed for internet access are ones that I know to be well.
The rootkit scan was clean. I'll post the log file.
Now, I did go into IE today and there were no Google redirects. I even tried some searches in Firefox and then retried them in IE. Some of the Firefox searches links were redirected while none of the IE searches were.
I also noticed (in the lower left part of the window) that the IE links lead directly to the site linked to. In Firefox, it appeared that ad1.doubleclicker.net (where those .php scripts were located) was visited first. A few links that did go to this site first were not redirected, but most were.
So far, I havn't seen a redirect to that goougly.com site for at least two days, but I havn't been doing many Google searches lately. When I copy and paste the link given in the search, Firefox visits the site fine, without being redirected.
Also, I'm using Firefox 2.0.0.20 at the moment. I plan to up-grade to Firefox 3 sometime soon. And, ignoring today, I havn't used IE for general web browsing for at least two years.
-----Blacklight scan
01/02/09 13:16:44 [Info]: BlackLight Engine 2.2.1092 initialized
01/02/09 13:16:44 [Info]: OS: 5.1 build 2600 (Service Pack 2)
01/02/09 13:16:44 [Note]: 7019 4
01/02/09 13:16:44 [Note]: 7005 0
01/02/09 13:16:50 [Note]: 7006 0
01/02/09 13:16:50 [Note]: 7011 1464
01/02/09 13:16:50 [Note]: 7035 0
01/02/09 13:16:50 [Note]: 7026 0
01/02/09 13:16:51 [Note]: 7026 0
01/02/09 13:17:03 [Note]: FSRAW library version 1.7.1024
01/02/09 13:58:18 [Note]: 2000 1012
01/02/09 21:11:29 [Note]: 7007 0