Okay, first of all, this looks absolutely nothing like an already activated virus, trojan or rootkit. Why in the world would such a thing blatantly show itself, almost yelling "Hey, you're infected!" at the user? What would it possibly have to gain? Neither does DNS-poisoning seem to be all that likely - but, none the less, you could try setting your DNS to be something unlikely to be poisoned, such as your work DNS-server or (if possible) the RNS.

Now, as to what I'd guess this is:
The image it displays looks silly, at best. It is either trying to keep the user focused on it (at the risk of alerting the user to it being malicious) or wants to give the user some sort of choice. The second, although unlikely, is possible - something like "If you're stupid enough to agree to what we're suggesting, we'll rootkit you, but we'll spare the smart ones." Ethics? Meh.

Either way, you are not of any true influence on the process. If it can run arbitrary code on your machine, it will do so as it pleases, and does not need your permission. If it cannot, I see little point in it existing... A prank? Unlikely.

Thus, what we know about the program:
1. It shows up while, and only while, you are browsing the Guild from a Windows machine.
1.1. Thus, it likely has a check about whether your browser claims you're using Windows - try changing this variable, and see if it vanishes. If you post your current one, I can try it under Linux.
2. It shows up on both Firefox and IE.
2.1. Kudos for making it browser independant >.>
3. Neither antivirus is alarmed by it.
3.1. Now this is the interesting bit. The high-security one should be tipped off by just about anything. Could you specify which one it is that you use at home and at work, please? No need to include firewalls - I'm guessing this is purely http.

I would advise scanning at least your home system fully, to make sure it didn't cause you to get infected. Further, NoScript was already mentioned - it's a great thing, although not all that necessary now that AdBlock can block .js files. When browsing the Guild, Firefox wishes to execute scripts from totalwar.org, google.com, adbureau.net, quantserve.com and atomicgamer.com. I allowed the first two, blocked the rest (don't know the last one, but the other two are ad sites). Back on Windows machines, I've had Avast light up while browsing quantserve - that could very well be the problem.