This is obviously too late to help the original poster, but in a case like this, something simple to check is the Internet Explorer shortcut. The IE command line accepts a URL that is displayed on open and overrides the homepage stored in the registry. Thus, even a registry search won't find the unwanted URL. Some malware cleaners will detect this and fix it, but most that we have tested do not fix it in all infected user profiles. This might even affect the IE shortcut listed on the System Tools menu. To fix this issue, just edit each IE shortcut's Properties and remove the unwanted URL from the Target command line.