Hi,
you should look at your services, there has to be a service that is running that file (otherwise it couldn't load in Safe mode). You have to stop and delete the service. Than you download the Unlocker (
http://www.emptyloop.com/unlocker/). Installing it make sure you do a custom install so you don't get the "bloatware". After the install you delete the virus file, the unlocker will kill any process that is preventing you from deleting it. Than you check your "Autorun" folder because sometimes there is a copy of the file but it has a different name. After that you go to the registry (regedit) and go to: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
and delete any trace of it from there. Then you go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services and check if there is any trace of it there. After you are done delete the "temp" folder "Users/username/appdata/local/Temp".
After that you reboot and you should be Virus free. To be sure, you should Install CIS (clean install) and run a scan, also you should run HijackThis, and at least Spybot Search and Destroy...
Thanks
LordRayden
EDIT: Just out of curiosity, are you using x86 or x64 Windows? If x64 things get really interesting. Since Vista x64 drivers have to be signed by MS in order to get installed (you can disable that but I assume you didn't do that) so it would be Interesting how the Virus Author got the Driver signed or how he was able to bypass the Security...
