***I did this fix successfully on my Toshiba M750 Portege laptop running WinXP SP3 with ESET NOD32 126.96.36.199; what worked for me may not necessarily work for your system, but I think the concept is valid for other versions of the Windows OS.
1. The newer, nastier IC3 doesn't allow the relatively easy "safe mode fix" as I said above. It also kept me from utilizing the system recovery approach off of the factory WinXP disc. At least on my machine, I couldn't boot off the Windows disc, USB drive, flash card, or anything else. When attempting to boot from any of these, all of the generic drivers would load into memory, and right before you get to any screen with any options whatsoever, you get the blue screen of death erroring out at the same memory address every time (0x0000007B or something). For me, my goal was at least to just get to a prompt, such that I could manually kill enough of the IC3+ files to boot normally and run Malwarebytes. For all its nastiness, the newer IC3+ isn't complicated to get rid of once you get into the machine, but more on that later. I also tried a backdoor approach to kill some of the active services on the machine by connecting through the computer management tool on my wife's laptop, but was denied. This may have been a native permissions issue on my machine or IC3+, but I couldn't get in so oh well, back to square one.
2. After seeing the error at the same address with different boot devices, I made the logical assumption that IC3+ apparently locks down the MBR too. I'm thinking, great, how the heck do I get to a command prompt? How do I beat the fubar'd MBR? A root kit perhaps? As this is a work machine, I wasn't too psyched about playing with a root kit since I haven't really used one before, and my data is too important to lose. Then I had an epiphany: Boot Linux off of a disc to get at the data! I had a burned copy of Ubuntu desktop 10.1 sitting in the drawer and popped it in the drive, then booted up off the disc. Ubuntu's dialog pops up and generously asks me if I'd like to try out Ubuntu or install it. I chose to "try it out", which loads all the Linux drivers and GUI into memory and unused disc space, bypassing the Windows MBR altogether. The Ubuntu GUI pops up, and 5 seconds later, I have a file browser window open and I'm ready to clean house!
3. I popped in my USB external HDD to back up my important stuff, then proceeded to do part one of my IC3+ eradication. As I said earlier, the newer IC3+ is still somewhat simplistic. It duplicates a single executable into all of the user data directories: C:\Documents and Settings\%username%\Application Data\.. and C:\Documents and Settings\%username%\Local Settings\Application Data\.. Just like the old IC3. In the directories for all the users, I found an executable of the same name written at the exact time and date IC3+. It had some random char filename like xjiishgdusf.exe or something (I'm sorry for not transcribing it exactly, but I was hungry for getting my machine fixed and it would probably be a different set of random chars on your machine anyway). While I was in there, I killed all of the temp browser and temp app data files too. If you're slick with Linux, you could also just run a grep command from a prompt and find everything in one shot, but I'm lazy and impatient so I just used the GUI to git'r done.
***If you don't kill all the IC3+ executables, you'll have to do all this over again until you do, so take the time to really clean out all the dupes of the IC3+ executables and any temp files.
4. Part 2 of my IC3+ fix is a carbon copy of the old IC3 fix. I booted the machine into Safe Mode to test it out. No more IC3+ screen! Then I booted into Safe Mode+Networking successfully to finish the eradication. I busted out Malwarebytes, updated, and did the full scan. It found 2 threats, identified as trojans, which I deleted after the scan. Reboot for normal bootup and I was back in business. Not counting the time for the full Malwarebytes scan, this whole process took me less than 10 minutes after spending 6+ hrs fruitlessly searching the web for how to beat IC3+.
I would like to add that I was running ESET NOD32 with the realtime scanning when I got popped by IC3+. On the bootup with my hijacked IC3+, I could see a dialogue flash that ESET had detected a threat and quarantined it, but that obviously wasn't doing the trick. It also didn't help me when I got popped by the old IC3 back in September. You know, since most of the bad stuff loads before all your AV stuff loads and all...
I'm sure that I could use some other tools to handle the eradication of IC3+ differently, but this is my work laptop and I needed the data the next day. Since the whole issue is getting past the Windows MBR, you could probably adapt this approach with a different flavor of Linux or OSX. I just happened to have the Ubuntu Desktop disc handy, but if you have access to another machine, you could download it and probably even do it off of a USB stick too. So that's my story, and I hope this approach can help other people beat IC3+.
Edited by olligator, 24 January 2013 - 08:25 PM.
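
Added example, not part of the original post: a command-line version of the manual search described in step 3, run from the live Linux session. It lists executables under each user's Application Data folders on the offline Windows volume and prints only those whose content is duplicated across folders. The mount point `/mnt/xp` and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Assumption: the Windows XP
# partition is mounted read-only from the live session, e.g. at /mnt/xp.

# List every .exe under any per-user "Application Data" folder (covers both
# <user>/Application Data and <user>/Local Settings/Application Data).
list_appdata_exes() {
    find "$1/Documents and Settings" -type f -iname '*.exe' \
        -ipath '*/Application Data/*' 2>/dev/null
}

# Hash each candidate and print only files whose content occurs more than
# once, i.e. the same binary copied into several profile folders.
duplicate_exes() {
    list_appdata_exes "$1" | while IFS= read -r f; do
        sha256sum "$f"
    done | sort | awk '
        $1 == prev { if (!shown) print prevline; print; shown = 1 }
        $1 != prev { shown = 0 }
        { prev = $1; prevline = $0 }'
}

# Usage: sh find_dupes.sh /mnt/xp
if [ "$#" -gt 0 ]; then
    duplicate_exes "$1"
fi
```

The output is a list of candidates to review, since legitimate software can also install identical executables into more than one profile. Copy anything you intend to delete to external storage first.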