Filename: C:\WINDOWS\system32\devenumn.dll

Here was a HJT log from some point between pre-removal and removal:

O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts
O2 - BHO: (no name) - {7278C9CA-8118-4F8A-80D5-D0BE6516F7F2} - c:\windows\system32\devenumn.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\program files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O20 - Winlogon Notify: pxtqvhgj - devenumn.dll (file missing)
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\program files\common files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 3252 bytes

I searched through the registry for the CLSID ({7278C9CA-8118-4F8A-80D5-D0BE6516F7F2}) and here were my results:

HKEY_CLASSES_ROOT\Nhatveib\CLSID
HKEY_CLASSES_ROOT\CLSID\{7278C9CA-8118-4F8A-80D5-D0BE6516F7F2}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7278C9CA-8118-4F8A-80D5-D0BE6516F7F2}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7278C9CA-8118-4F8A-80D5-D0BE6516F7F2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7278C9CA-8118-4F8A-80D5-D0BE6516F7F2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Nhatveib\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7278C9CA-8118-4F8A-80D5-D0BE6516F7F2}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pxtqvhgj
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sqjjqprm\Parameters

After trying all of my tools in my toolbox (HJT, Combofix, process manager, undll, vundo remover(?) ect.) with no success, I removed the file via the recovery console, which obviously was successful. Combofix was able to remove the O20 part.

However, cleanup to remove the dead strings and dead registry keys was not fun, until I stumbled across this .dat file: C:\WINDOWS\system32\drivers\nyobucwi.dat

Further looking into the .dat file, I came across it in the registry, under HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nyobucwi

Jackpot! Contained in this key, is all of the instructions for the corresponding strings for the virus. One of the values for group is "boot bus extender" which explains why it cannot be deleted in safemode and why programs like unlocker cannot delete it during boot.

Hope this helps, if you have any questions feel free to shoot me a pm or reply to this thread, I'll keep notifications on if a reply is posted!

P.S Combofix was able to delete the nybocwi.dat file manually using a CFscript txt file.

Thanks for uploading the file, I'll add it to the malware listserv.