ODS very well runs in Normal mode but if the file is locked by some one (either by application or by OS etc) then ODS will fail to scan and the threat file will seat easily.
When you boot the machine in safemode. Window will load minimal drivers and there is very less chance that the threat file will be locked by anyone so ODS will be able to clean/delete (as per configured action) succesfully.
Rootkit/virus programs have their own mechanism to run/execute so its very difficult for us to say, how are they programmed?
Hem...Thanks for your reply.......