could be a possibility if the NoScript site or an ad within were compromised?
But even if it were an ad, you would still expect NoScript to afford you protection, as the ad would be hosted at a different domain. And that domain would not be Allowed by default.
After the restart, you would (normally) also open your Home Page, & any other windows/tabs (sites) that you had opened before the update, so the possibility exists that any malware could have come from one of those pages too.
Or the malware could have gotten onto your computer by means outside of Mozilla, & was only waiting for the appropriate time to present itself, which would have been on a browser restart. Just so happened that it was a NoScript update that prompted the restart, & so just so happened that is when you saw the malware.
PS: FF 3.5.6 is out, closing a few (four I believe) security vulnerabilities. You should update. (Likewise, you want to be sure that your "plugins" (Flash, Acrobat, Java, ...) are all up to date too.)
Do you still have this "64966074.exe" file? Not that I don't doubt it is malware, but upload it to Virustotal
& provide the returned link here.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:220.127.116.11) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:18.104.22.168) Gecko/20091206 SeaMonkey/2.0.1