Taskmgr wont open, rename it, opens fine

Hey guys, brand new to the fourm, and I'm well was infected. I got rid of all my trojans and rogue viruses, but the after math, well thats the aggravating part. The taskmgr.exe is being blocked from being used. I can rename it, and it will open, but leaving it as taskmgr.exe I only get a hour glass for a second with no error message of any kind. I'm trying to figure out how to fix this in the registry, before I just rename the taskmgr for good or download an alternative one.

Edited by Modify, 24 September 2009 - 08:33 AM.

This worked for me when i was infected
http://download.cnet.com/Task-Manager-Fix/....html?tag=mncol

This worked for me when i was infected
http://download.cnet.com/Task-Manager-Fix/....html?tag=mncol

Thanks for the link, not sure if it would have fixed my issue, but I did figured it out by doing some more research. I compared two XP regirsties, and noticed the infected had a extra key.
[HKey Local_Machine\...Windows NT\CurrentVersion\Image File Execution Option\taskmgr.exe]
"Debugger"="Svchost.exe"
I deleted it, and rebooted, and task manager was back.

Now a new problem, everything seems to be working, I ran HighJack This this just to make sure my Hosts file was not highjacked, and yet, it found many entries in my hosts file. It said there were so many I needed to just delete the hosts file. There were about 50 or more IP's, only two IPS, just repeated multiple times:
74.125.45.100 (6 of these)
206.53.61.77 (Theses were referenced to www.Google.*, had about 50 of theses)

Anyway, went to system32\drivers\etc, and opened the hosts file, I only seen the first 6 that HiJackThis listed, the Google entries were not there. I scrolled all the way down, nothing. I deleted them, saved it, ran highjack again, and it still reported the same thing. So I went back to the hosts file, it was empty, so I'm curious were HiJackThis is finding them. They are definitely there, becuase, I still can not go to Google in IE, it redirects me to one of those www.google.* websites, which are infected websites.


I'm not sure how to fix this, I mean I deleted the hosts file, and yet there still there or somewhere. Could I have multiple hosts file, I mean how does this work?

Edited by Modify, 24 September 2009 - 09:52 AM.

k, I just learned from futher reading that HighJack This has a Hosts File Manager, I used it, and opend the hosts file via notepad within HighJack and seen all the entries. I deleted all of them, and clicked saved, and got a error.
Cannot create the c:\Windows\System32\Drivers\Etc\hosts file.
Make sure that the path and filename are correct.

I figured it out, the real HOSTS file security had the administrator removed from it. I added it back, and now have access to read and write to the file. Those bad entries are long gone now.

lol seems 2 me u hunted it down and killed it,

Thanks for the update