It almost certainly won't be limited to IIS.
And there's a fair chance your a/v and spyware remover won't find it - as it's may not actually be malware. It came aboard, invited, when you did 'something', like download a toolbar or program.
It sounds like ads' pop up when you hover over certain (now) highlighted words. If you're on Xp, go to 'tools' and 'add-ons' and see if there's something called 'incredibar' - that's a common cause of these attacks. Basically, disable ALL the add-ons and re-boot. If the problem has gone, add them back one at a time. If you're on another o/s, get to where add-ons are listed similar to what I've described above.
Let us know how it goes
