Hi There, recently I saw a new version of Port Explorer Demo, tried to install(worked) and to start the port explorer.exe, but starting did not work. Because of some forensic research I found Antihook, installed and it revealed that csrss.exe has a loop routine to terminate port explorer.exe, for a short time Port Explorer worked but after some reboots Antihook wasn´t capable to maintain the port explorer.exe protection. (Antihook has some leaks in protecting processes I noticed, but nevertheless a really great tool, also because it was the only tool that revealed the csrss kill routine) Then I tried to start Port Explorer several times and the PC slowed down totally 90% CPU, about 5 Port Explorer.exe´s found in Taskmgr, the whole PC was nearly freezed because of this phenomenon. Some days later I decided to reinstall Win XP Pro Sp2, but the same again. VICE does not work, but fu -pl (good process lister) found a 10 digit pid with empty cases, could that be a bios/mbr/acpi rootkit? Another question for Pros: the comctl32.dll Hook in several win application like regedit, does that mean a normal behaviour?