Best way is to make sure all ActiveX in Internet Options are set to prompt at least. Unsafe unsigned set to disable. At least you'll know what tries to install...
Then, you can get Spyware Blaster. It'll act as a kill bit for these crappy drive-bys. It doesn't need to be running, it adds these "kill-bits" to the registry and effectively kills them before they even get on your pc.
I amar prestar aen. Han mathon ne nen. Han mathon ne chae. A han noston ne 'wilith. - Galadriel
'The world is changed; I can feel it in the water, I can
feel it in the earth, I can smell it in the air.'