Today, I created another special snapshot : a frozen snapshot, which is only protected by the firewall "Look 'n' Stop" (+ Router DI-604). No scanners, no HIPS, no real-time protection, no IE-SPYAD, no HOSTS file, nothing ... It's my understanding that a frozen snapshot allows any change during two reboots and will undo any change during the next reboot. There are two kind of changes : 1. Good changes, like Windows Update, AV/AS/AT/AK-Scanner Updates, Software Updates, ... 2. Bad changes, like any kind of malware. All these changes are undone during the next reboot. It's also my understanding, that each possible threat can do its evil job during two reboots, until the next reboot. Maybe Faronic's Anti-Executable can prevent this. What do you think about this ?