For anything that is added by the malware, you can usually just delete it.
You have to be careful as many times it tries to "Modify" keys/files/folders, etc. You usually can't just delete it without killing something legit.
It sounds like you had the same infection I just looked at so hopefully the log will closely match what you are seeing. System Tool 2011 is what I saw.
Yes, I have VMs set up where I can get the samples and play with them to find out what they do. It makes it much easier to create removal scripts/tools as well as add to my application/device control policies.
The problem is it's so hard to block the sites because hundreds appear/disappear per day due to DNS fast flux techniques. Basically, compromised hosts act as proxies which makes malware networks much more resistant to discovery and takedown efforts.
Basically, Application and Device Control is the way to go if you use SEP. I've always recommended it. Another good option against web-based threats is to use a proxy. It's not the end-all to malware but it definitely helps.
I've attached another log file from the same piece of malware (just a different executable) but as you can see they are virtually similar so removing the added files in question should get you started in the right direction. Ideally, you will just want to re-image but I know that's not always an option.
Here's another screenshot of what I was seeing: