I don't think it's a rogue ad.
Although it now hasn't happened for a day, when it did occur, it completely replaced the SW window (ie closed it and opened a replacement browser window over the top) it did the fake 'scanning for threats' thing although none of the 'buttons' on the ad had links in them (ie it was just the entire [age that was the hyperlink). The active-x control was to download the software (obviously I didn't click it) but when you clicked to close the window, that was fine (there was no SW window behind, hence me thinking it isn't a pop up from an ad).
Anyway - my AVG didn't pick anything up, neither did AdAware, so it wasn't either of those kicking in.
It was definitely a rogue 'something' ...............