My USB flash was recently infected with an annoying worm that kept producing folder.exe, the infected computer wasn't mine and it had no AV protection at all, I installed Qihoo and MBAM on the spot, and they took care of everything (deleted malware and none of my flash files were deleted). When I looked up this malware later it turned out it was a worm from 2010 or so called w32-rotinom. There was an article on precisesecurity.com where they explained how to remove this malware, it said one should scan in safe mode!! Is it because the article dates 2011 when AV capabilities were lower? Qihoo and MBAM were able to detect and delete the threat, why the safe-mode scan? (my question applies to any malware, AV detected and deleted the threat, call it a day or dig deeper?)