You are correct on one point that MBAM is designed to run on an infected system. However, SuperAntiSpyware has come up with a portable version where the infected computer doesn't need to be booted to a clean environment. I think it doesn't even need to boot in safe mode. It was designed to keep the infection running so it can be detected. Sorry if I'm not getting myself clear. Meanwhile, I've been going to bleepingcomputers website and noticed that in many cases, their RKILL and/or FixEXE.reg (tool to fix the corrupted EXE file association in the registry) needs to be run to enable MBAM to install and run. I wish all portable versions will automatically do that too (or could be one of the options) so that it will just be a one-sweep fix because some people blame their antispyware for not fixing the "open with" problem after the disinfection.