Remove System Restore

System Restore is a program that is used to cheat the money of people by showing error message in the computer hard drive, memory and system. System Restore adds a registry entries to make itself to start automatically when Windows boot. After that, System Restore will do fake scan on the computer and then issue fake warning by showing pop ups to tell the the user that the hard drive, memory and system have serious errors which can only be solved by using the full version of System Restore. Thus, the user is urged to purchase it. Do not believe any report given by System Restore even the warning look so real. In fact, System Restore cannot detect and remove any error of computer.

System Restore can be uninstalled by by stopping all processes with random name and also kill its files. Then, all registry entries added and modified by System Restore must be cleared by using Windows Registry Editor.

System Restore provide fake features such as Computer status, RAM Memory Status, System Drive and System Registry Status. None of them can really protect computer from any kind of malware.

System Restore should be removed immediately!

System Restore Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Unregister DLL files

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'Yes'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.scr;'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoDesktop" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'

Remove Folders and Files
%LocalAppData%\[random]
%LocalAppData%\[random].exe
%LocalAppData%\~[random]
%LocalAppData%\~[random]
%StartMenu%\Programs\System Restore
%Temp%\smtmp
%UserProfile%\Desktop\System Restore.lnk
File Location Notes:

%UserProfile% refers to the current user's profile folder. By default, this is C:\Documents and Settings\[Current User] for Windows 2000/XP, C:\Users\[Current User] for Windows Vista/7, and c:\winnt\profiles\[Current User] for Windows NT.

%Temp% refers to the Windows Temp folder. By default, this is C:\Windows\Temp for Windows 95/98/ME, C:\DOCUMENTS AND SETTINGS\[Current User]\LOCAL SETTINGS\Temp for Windows 2000/XP, and C:\Users\[Current User]\AppData\Local\Temp for Windows Vista and Windows 7.

%LocalAppData% refers to the current users Local settings Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Local Settings\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Local.

%StartMenu% refers to the Windows Start Menu. For Windows 95/98/ME it refers to C:\windows\start menu\, for Windows XP, Vista, NT, 2000 and 2003 it refers to C:\Documents and Settings\[Current User]\Start Menu\, and for Windows Vista/7 it is C:\Users\[Current User]\AppData\Roaming\Microsoft\Windows\Start Menu.