Hello helpers,
Both my parents (living in differet states and cities) are infected with System Tool 2011. My mom called me last night needing help to remove the virus. She says she can't get into safe mode. Is there anyway to help her without being is safe mode. After doing some research these are the files that I found should be manually removed.

%UserProfile%\Application Data\[random digits]
%UserProfile%\Application Data\[random digits]\[random digits].bat
%UserProfile%\Application Data\[random digits]\[random digits].cfg
%UserProfile%\Application Data\[random digits]\[random digits].exe
%UserProfile%\Desktop\System Tools 2011.lnk
%UserProfile%\Start Menu\Programs\System Tools 2011.lnk

%AppData%\[random digits]
%AppData%\[random digits]\[random digits].bat
%AppData%\[random digits]\[random digits].cfg
%AppData%\[random digits]\[random digits].exe
%Desktop%\System Tools 2011.lnk
%Programs%\System Tools 2011.lnk
%AppData%\5648541024\5648541024.exe
Remove System Tool 2011 processes files:
%UserProfile%\Start Menu\Programs\System Tool 2011.lnk
%UserProfile%\Desktop\System Tool 2011.lnk
%AppData%\5648541024\5648541024.exe
%AppData%\5648541024\5648541024.cfg
%AppData%\5648541024\5648541024.bat
%AppData%\5648541024
%AppData%\[random]\

Registry

Use Registry Editor to delete System Tool 2011 Registry values
Locate and delete System Tool 2011 registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "5648541024"
HKEY_CURRENT_USER\Software\System Tool 2011
HKCU\Software\System Tools 2011
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce “[random digits].exe”
HKEY_CURRENT_USER\Software\System Tools 2011
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce “[random digits].exe″

My mom is more tech savy than my dad so I figured I will try to help her first. Any suggestions or advice would be greatly appreciated. Thank you.

Hi,

Welcome to Helpmyos.com!

Download the OTLPE Standard REATOGO Windows Recovery Environment.

• Place a blank CD-R disc in to your CD burning drive.
  
• Download OTLPEStd.exe and double-click on it to burn to a CD using ISO Burner.
  
• Reboot your system using the boot CD you just created.
  
  Note : If you do not know how to set your computer to boot from CD follow the steps here
  
• Your system should now display a REATOGO-X-PE desktop.
  
• Double-click on the OTLPE icon.
  
• When asked "Do you wish to load the remote registry", select Yes
  
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  
• OTL should now start. Change the following settings
  

• Change Drivers to Non-Microsoft
  
• Press Run Scan to start the scan.
  
• When finished, the file will be saved in drive C:\_OTL\MovedFiles
  
• Copy this file to your USB drive if you do not have internet connection on this system
  
• Please post the contents of the OTL.txt file in your reply.