looked at the source of the page and found the offending applet code pointing to server-us.imrworldwide.com
Yup, that did it. Following up on imrworldwide.com, these guys are a spam/spyware company in the purest form. Guys I would highly recommend blocking *.imrworldwide.com, *.redsheriff.com to your firewalls or add them to your HOSTS file.
This comment was edited on May 14, 11:27.