"Several of these hijackers knowingly exploit an Internet Explorer / Outlook Express bug that allows them to be secretly installed on a user's system upon simply viewing the Web page. Hijackers using this bug wil plant one or more .hta files on your system which are executed on startup by Windows Scripting Host. To restore normal operation, search your system for *.hta files and rename any that are found (e.g. change file.hta to file.hta_) or move them to another directory. Then change your homepage and other browser defaults to those you prefer".
http://www.cexx.org/hphijack.htm
If you know how to clean the registers, this
http://www.cexx.org/startup.htm
may be for you.