I don't have the money to invest, but SAINT exploit has a removable media payload in their framework.  I don't think that they'd have repackaged an autorun dependent delivery for the kind of money they are asking.  Depending on your budget it might be worth it to contact them and see if they are depending on autorun.

Hope that helps.

If you are trying to do education, you may be able to leverage 2 things.  First you can directly call iexplore to launch an educational page, along with causing an anti-virus alert to pop up.  As part of the auto-run for the drive, cause a web page to open to a pre-setup educational site on your internal network that is tracking IP's, maybe integrated windows auth, etc so you know who you have gotten.  Put something useful with action items for employees to understand the risk of this type of behavior.  Then, to drive the point home, put EICAR as the next autorun to have it copy over to the hard drive.  Most AV's with real time protection will freak out at that point and pop up a "hey you have a virus" warning.  Make sure whatever you do that you make the most of the education aspect.  Unless folks truly understand what just happened to them and tell their friends about it, you are probably not getting the most for your effort.

I am not aware of a program which can do what you need yet, but it shouldn't be too hard to code if you have some basic knowledge in programming.

Rather than just rely on (just) such a tool I would recommend to do for example every month a little presentation about social engineering and make them aware of possible scenarios how a social engineering attack could look like. In my opinion it is not enough to tell people this once as with time they will forget or become careless.

Instruct them on a regulary basis what to do and what not to do. Consider also, that there can be ways to hide or erase information that a device was plugged in or didn't get detected by your program for various reasons.

In my experience it also helps not only to tell them about SE (or other topics) but also discuss about it and let them ask questions. When people talk by themselfs about it it often will remain longer in their brains because it was something active (talking) and not only passive (listening).

Yeah, definitely pricey.  I must have misunderstood.  I thought you were trying to get around people having autorun disabled on their machines rather than what to do with them once you hooked them.  The coding on an autorun type solution isn't too hard.

Best of luck.