I have a client's computer that was HiJacked by CoolWebSearch as well as being loaded with spy & malware. I have everything working again and seem to have gotten rid of all traces of the CW. The one thing left is 5 entries found under DSO Exploit on a Spybot search. They are listed as a registry change and show up as:
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrenVersion\InternetSettings\Zones\0\1004!=W=3

HKEY_USERS\S-1-5-21-2188283067-1582333133-359561344-1006\Software\Microsoft\Windows\CurrenVersion\InternetSettings\Zones\0\1004!=W=3

HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrenVersion\InternetSettings\Zones\0\1004!=W=3

HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrenVersion\InternetSettings\Zones\0\1004!=W=3

HKEY_USERS\DEFAULT\Software\Microsoft\Windows\CurrenVersion\InternetSettings\Zones\0\1004!=W=3

Spybot says it fixes them but they appear on the next scan. It doesn't matter if I reboot or run in safe mode. I have also run with SysRestore off as well. Is the only way to get rid of these to edit the registry, and, do I need to get rid of them?

Turns out it is a known bug in Spybot and will be fixed in the next program update (fix is currently available in the beta version 1.3.1).

Thanks for the knowledge!