What I found was that something had written in a registry file that loaded the thing from the web location.
Not quite, but you're on the right track.
The Registry entry you posted doesn't actually tell Windows or IE to load any file(s) from the malicious website, but it does make it possible for IE to communicate with the website, which is obviously a Bad Thing. To be technical about it, the presence of the "contentmatch" site in the Domains key is a modification made by the infection; it is not an actively malicious component of the infection, nor does it point to/execute such a component.
https!=W=4
The (horribly boring) breakdown of that cryptic code from SpyBot is:
https is the secure http protocol.
W=4 means that the default registry DWORD value of the https protocol for the domain in question is 4.
4 identifies the Restricted Sites Zone in the Internet Options control panel's Security tab.
!= is coding/scripting notation for "not equal to".
Human translation: "Yo, Bro'- I found a malicious site which should be listed in your Restricted Sites Zone, but it ain't!"
For a mind-bogglingly boring exposition on the whole ZoneMap/Domains thing, have a read of this Microsoft article (note: make sure you have a pretty good-sized dose of psychotropic drugs at hand; you'll need them....)
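The check described in the reply above can be reproduced offline against a registry export. The following is an added example, not part of the original post and not SpyBot's code: it parses the text of a .reg export of the ZoneMap\Domains key and reports every protocol entry for a watched domain whose zone is not 4 (Restricted Sites). The full key path and zone numbers 0 to 3 are standard Windows values not quoted in the post; the domain names, the sample export and the function names are constructed for illustration.

```python
import re

ZONES = {0: "My Computer", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}
DOMAINS = "\\internet settings\\zonemap\\domains\\"
VALUE = re.compile(r'"([^"]+)"=dword:([0-9a-fA-F]{8})')
BASE = (r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
        r"\Internet Settings\ZoneMap\Domains")
# Constructed .reg export text; the domain names are placeholders.
SAMPLE_REG = "\n".join([
    "Windows Registry Editor Version 5.00", "",
    BASE + r"\bad-site.example]", '"https"=dword:00000002',
    '"http"=dword:00000004', "",
    BASE + r"\blocked.example]", '"*"=dword:00000004', "",
    BASE + r"\blocked.example\www]", '"https"=dword:00000004', ""])

def parse_zonemap(reg_text):
    """Return {hostname: {protocol: zone}} for keys under ZoneMap\\Domains."""
    result, host = {}, None
    for line in (raw.strip() for raw in reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            idx = line.lower().find(DOMAINS)
            host = None
            if idx >= 0:
                parts = line[idx + len(DOMAINS):-1].split("\\")
                # Subkeys nest domain\subdomain; the hostname reads the other way.
                host = ".".join(reversed(parts)).lower()
                result.setdefault(host, {})
        elif host and (m := VALUE.fullmatch(line)):
            result[host][m.group(1).lower()] = int(m.group(2), 16)
    return result

def audit(zonemap, watchlist):
    """List (host, protocol, zone) wherever a watched domain is not Restricted."""
    findings = []
    for domain in watchlist:
        hosts = sorted(h for h in zonemap
                       if h == domain or h.endswith("." + domain))
        if not hosts:  # no key at all: the site is not in the Restricted zone
            findings.append((domain, "*", "not listed"))
        for h in hosts:
            for proto, zone in sorted(zonemap[h].items()):
                if zone != 4:
                    findings.append((h, proto, ZONES.get(zone, str(zone))))
    return findings

if __name__ == "__main__":
    for f in audit(parse_zonemap(SAMPLE_REG), ["bad-site.example", "absent.example"]):
        print("%s: %s -> %s (expected Restricted Sites)" % f)
```

Files exported by regedit in the "Version 5.00" format are UTF-16 encoded, so decode them before passing the text to `parse_zonemap`.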