Question:
Help, http://protectionband.com/ is now my web page and it won't go away!?
Bill J
2007-02-27 13:57:24 UTC
This page has hijacked my PC and it also says I have been infected with SpyBot@MXt. My spyware program does not even see this! Can you please tell me where to get a program that always works? Bill
Four answers:
anonymous
2007-02-28 01:08:44 UTC
Your computer is infected with a trojan called Zlob. Zlob hijacks your homepage to protectionband.com and generates warning messages to try and get you to buy fake programs such as SpyDawn, SpyHeal, Antivermins and others. Of course it is important to get rid of protectionband.com, but it's just as important to also remove the Zlob Trojan that implanted it there. In my experience, a program called SpyNoMore is your best bet in removing the Zlob trojan. By removing this trojan, you will also get rid of protectionband.com. Another symptom of Zlob Trojan is that it generates fake warning messages like:

System Alert
Critical System Error
System Performance monitor warning
Security Alert: NetWorm-i.Virus@fp
Security Warning: SpyBot@MXt trojan
W32.Myzor.FK@yf

http://www.spynomore.com/protectionband-com.htm



http://www.spynomore.com/trojan-zlob.htm
droop_dog20
2007-02-27 22:43:32 UTC
Use anti-hijacking tools such as IE-Spyad; StartPage Guard; and Script Sentry. However, these don't always work 100%, so here is a manual way to do it.



2. Close any open Internet Explorer windows.



a. Click Start -> Run, type regedit and click OK to open the Registry Editor.



b. Navigate to:



HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer



If you find sub-folders called restricted or control panel, delete them. Check for the same sub-folders in:



HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer



and delete them, too, if they exist. Then close Regedit.



Delete the suspect registry keys



3. If your search pages have been redirected, re-establish the defaults:



a. Open the Registry Editor and navigate to:



HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main



Change the Search Page value to:



http://home.microsoft.com/access/allinone.asp



and, if it exists, change the Search Bar value to:



http://search.msn.com/spbasic.htm



b. Navigate to:



HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL



and change the default value to:



http://home.microsoft.com/access/autosearch.asp?p=%s



c. Navigate to:



HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search



Change the SearchAssistant value to:



http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm



and change the CustomizeSearch value to:



http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm



Reset the registry search keys



4. Reset your home page to your chosen page:

1. In Internet Explorer, choose Internet Options from the Tools Menu and, on the General tab, type in your preferred home page.

2. Do a search for any files with the extension HTA. If you find any such files, open each in turn in Notepad and see whether they contain a reference to the site which has hijacked your browser. Delete any HTA files which contain such a reference.

3. Locate the file HOSTS (it has no file extension) and open it in Notepad. Once again, look for any reference to the hijacking site. If you find any references, delete the lines containing those references.



Reset your home page in Internet Explorer



5. Use BHODemon to control which Browser Helper Objects (BHOs) are loaded when you open your browser. When you run the program, it will let you know which BHOs are being loaded. Usually, you should see nothing more than Acrobat Reader (Acroiehelper.ocx) and perhaps an anti-virus helper, such as Norton’s NavShExt.dll. If BHODemon reports any other BHOs, click the Details button and then More Details to check the source. If you’re suspicious of any BHO, disable it.



Use BHODemon to control Browser Helper programs



6. a. Click Start -> Run -> msconfig and check the programs under the Startup tab. If you find an entry which contains regedit.exe /s, disable it, and disable other programs you know to be suspicious.



b. Still in msconfig, click the System.Ini tab and click the + beside [boot] to expand the section. Look for a line reading shell=explorer.exe. The line should read exactly that; delete any following commands, but make sure you leave shell=explorer.exe intact.



Note: If you’re using Windows NT, 2000 or XP, this information is contained in the registry key:



HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell



which should contain the value explorer.exe.



c. Click OK to exit from msconfig and reboot your system.
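
Added example (not part of the answer above): a read-only PowerShell check of the locations that answer walks through in steps 2, 3, 4 and 6, reporting anything that differs from what the answer expects. The `$HijackDomain` variable, the `Start Page` value name, the `Run` keys and the HOSTS path are assumptions not spelled out in the answer; the policy subkey match covers "restricted" as written as well as `Restrictions`.

```powershell
# Read-only audit of the places named in the answer above; it changes nothing.
$HijackDomain = 'protectionband.com'   # site from the question; change as needed
$ie = 'Software\Microsoft\Internet Explorer'
function Get-RegValue($Key, $Name) {   # returns $null when the key or value is missing
    (Get-ItemProperty -LiteralPath $Key -ErrorAction SilentlyContinue).$Name
}
# Step 2b: policy subkeys that lock Internet Explorer settings.
foreach ($hive in 'HKCU:', 'HKLM:') {
    Get-ChildItem -LiteralPath "$hive\Software\Policies\Microsoft\Internet Explorer" -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^(restrict|control panel)' } |
        ForEach-Object { "[!] policy subkey present: $($_.Name)" }
}
# Step 3: search values compared with the defaults given in the answer.
$defaults = @(
    @{ Key = "HKCU:\$ie\Main";      Name = 'Search Page';     Want = 'http://home.microsoft.com/access/allinone.asp' }
    @{ Key = "HKCU:\$ie\Main";      Name = 'Search Bar';      Want = 'http://search.msn.com/spbasic.htm' }
    @{ Key = "HKCU:\$ie\SearchURL"; Name = '(default)';       Want = 'http://home.microsoft.com/access/autosearch.asp?p=%s' }
    @{ Key = "HKLM:\$ie\Search";    Name = 'SearchAssistant'; Want = 'http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm' }
    @{ Key = "HKLM:\$ie\Search";    Name = 'CustomizeSearch'; Want = 'http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm' }
)
foreach ($d in $defaults) {
    $actual = Get-RegValue $d.Key $d.Name
    if ($null -ne $actual -and $actual -ne $d.Want) { "[!] $($d.Key) '$($d.Name)' = $actual" }
}
# Step 4: home page, HOSTS lines and HTA files that mention the hijacking site.
$start = Get-RegValue "HKCU:\$ie\Main" 'Start Page'   # assumed value name for the home page
if ($start -like "*$HijackDomain*") { "[!] Start Page = $start" }
Select-String -LiteralPath "$env:SystemRoot\System32\drivers\etc\hosts" -Pattern $HijackDomain -SimpleMatch |
    ForEach-Object { "[!] HOSTS line $($_.LineNumber): $($_.Line)" }
Get-ChildItem -Path $env:USERPROFILE -Filter *.hta -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { Select-String -LiteralPath $_.FullName -Pattern $HijackDomain -SimpleMatch -Quiet } |
    ForEach-Object { "[!] HTA file references site: $($_.FullName)" }
# Step 6a: startup entries in the Run keys that silently import registry files.
foreach ($run in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
    $props = Get-ItemProperty -LiteralPath $run -ErrorAction SilentlyContinue
    if ($props) {
        $props.PSObject.Properties | Where-Object { $_.Value -match 'regedit(\.exe)?"?\s+/s' } |
            ForEach-Object { "[!] startup entry $($_.Name): $($_.Value)" }
    }
}
# Step 6b: the Winlogon shell should be exactly explorer.exe.
$shell = Get-RegValue 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon' 'Shell'
if ($shell -ne 'explorer.exe') { "[!] Winlogon Shell = $shell" }
```

No output means none of the checked locations deviates; the HTA search covers only the current user's profile, so widen `-Path` to scan whole drives.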
anonymous
2007-02-27 22:06:03 UTC
Either of these sites will remove the Smitfraud Trojan that hijacked your Homepage and Browser.



http://www.internetinspiration.co.uk/roguefix.htm



http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
Martin G.
2007-02-27 22:17:19 UTC
protectionband is the Zlob Trojan. Google for "Zlob Removal" and you will find a lot of solutions.

Good Luck

M.


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.