If you plan on continuing to use IE, go into the security settings (very well hidden, they are, too) and make sure that IE is set to ask permission to run, download, or install anything and ask permission to open popups. The defaults, at least in some versions of IE and some releases of Windows is that IE, Outlook, etc will download and install everything that's presented on a Web page or an email. If that doesn't work, get Firefox or Chrome, where you can easily turn off JavaScript, Java, Flash, etc scripting, so the Web page can't do anything.
If that doesn't work, download NetBSD, reformat your hard drive, and install a new OS. If I recall, NetBSD, FreeBSD, and OpenBSD have no exploits. Most ISPs and many high-traffic sites use FreeBSD-- even Hotmail did for several years after Microsoft bought it.
So steps are, if you're wed to IE:
1) go into your security settings. I don't currently use IE (even at work: they use Chrome), so I can't give you the exact steps.
2) Where it has anything about installing or running anything, change it to either "trusted sites only" (those have security certificates issued by a third party, not self-issued, so even MS doesn't count as a trusted site when its security certificate is from Microsoft) or "always ask."
If you're not,
1: get either Firefox or Chrome (Opera may also be good; I've not used it for years, and was not happy with it).
2: get AdBlock and GhostScript. The former will block ads. The latter will turn off all the browser-side scripting. This is what causes the pop-ups.
3: set the security settings so that executable content (which includes Word, Excel, PowerPoint, and a whole plethora of other file types which would, at first sight, seem innocuous) is not automatically opened.
4: turn off third-party cookies. Firefox has an extension so that you can manage cookies at a very fine level.
Regardless of browser, get an anti-virus package. There are several available on cnet.com, some of which are both free and quite good. One other thing you could try is to set up a secondary account which can't install software. Windows and Mac OS X both let you do this, so you can do all your web browsing on an account upon which it's more difficult to install virusware, and do things like system maintenance (those updates that MS sends you about every three minutes) on a separate administrator's account. In networked and multi-user environments, whether they be based on Windows, Unix, or mainframes, J Random Luser can't install software.