jf ICESword : Cool Tool to Break the ICE -
ICESword - Multi Purpose Anti-Rootkit Tool
About ICESword
ICESword is the great rootkit detection tool that not many people know. It was coded by a Chinese programmer with a nickname as PJF. Though it is more powerful than any other rootkit detection tools, it hasn't got much attention that other tools have received.

ICESword can find the rootkits which even top antirootkit softwares (such as Rootkit Revealer, BlackLight, Rootkit Detective etc) failed to detect. However ICESword lack automatic file scanning, registry scanning feature that other anti-rootkits offer.
ICESword in Action
Main Screen of ICESword
ICESword Main Screen
ICESword's Registry Editor showing SAM entry
IceSword Registry Screen
Unmatched Features of ICESword
When it comes to detecting variety of hidden stuffs none of the anti-rootkits can stand near to ICESword. Here are some of the things that ICESword can show you
  • Running Process list
  • Open Port list along with process owning it
  • Loaded Kernel modules
  • System startup programs
  • Windows services
  • Layered Service Provider chain list
  • Browser Helper objects
  • System service descriptor table entries (SSDT)
  • Message Hooks
If it detects any HIDDEN entry then it is shown in RED color. This makes it easy to differentiate between normal and hidden entries.

Other important features of ICESword are registry editor and file browser. Its registry editor is very advanced as you can see all the hidden keys and system keys which are not shown by Windows registry editor. File browser is another integrated tool which will allow you to look for hidden files. In addition to this, you can also use it to copy the locked and system files which cannot be accessed/copied as long as Windows is running. For example you can copy SAM file and registry hive files for password cracking while you are on Windows.
Missing Part
This tool is meant for advanced users. It can show you the rootkits on your system, but does not have any medicines for it. You have to do that on your own using other tools.
Some of the powerful features makes ICESword all in one tool and sets it apart from the other rootkit detection tools. But for the author its just the beginning...!
See Also
   Uncovering hidden processes on your computer
   ProcNetMonitor: Tool to monitor network activity of process.
   NetShareMonitor: Watch your shares from intruders. 
   RemoteDLL: DLL injection based tool to remove DLL from process.