I use Sysinternals Process Explorer (actually now a Microsoft product!) as a replacement for the normal Windows Task Manager. In my most recent scan, this morning, using database 5152, trace 2964, SAS detects "Security.Hijack [imageFileExecutionOptions]" as a malicious Registry key (actually two such). The key reported is HKLM\Software\Microsoft\Windows NT\Current Version\ImageFileExtensionOptions\TaskMgr.exe. This key contains the data "Debugger" which contains "C:\Program Files\Sysinternals Tools\ProcessExplorer\procexp.exe". The path is local to my system; I keep a group of Sysinternals tools executables there. It is NOT a hijack and should not be detected as such. It was not detected last week with what is apparently the same database, but with a different Trace (which I did not record, unfortunately).
Further data: I use Windows XP SP3 Home Edition; SAS 4.40.1002; Process Explorer 12.1.0.0 used since November 2007).