Just spent some time fixing my dad's IE startup page that kept being reset to a spammy website, to discover that there's a new kind of attack to a Windows machine: the Hijack.
What they do is set your IE startup page to something, then install hooks eveywhere so that you'll never be able to change it back. Behaviour I noticed was a hidden dll in windows\temp that would reappear after deletion if you run IE.
Browsing browsing browsing I got from a forum of the always great Comment ça marche into the HijackThis website, downloaded the tiny tool, gave it a run, went through the report to avoid it deleting something legit, then the problem was fixed... once.
I then set IE security options to "disable everything, possibly becoming a useless browser". And I installed Firefox.