If you're worried that system restore is infected you should delete the "system volume information" folder which contains all the restore points. It really isn't necessary to do this anymore as almost all antivirus and antispyware programs are capable of finding and removing infections from within the restore points.
for another way to check out that registry entry; download this program.
http://technet.microsoft.com/en-us/s...rnals/bb963902
Recently I have seen several variants of the fakeav's add themselves to exe and explorer associations so that whenever you start a program or right click on something or open my computer the fakeav will launch. Usually it is a random 3 letter executable file, rlq.exe for example, that is located in a userprofile or sometimes in programdata on vista/7 systems.
If it keeps coming back and your certain it is an infection you may need to clean the master boot record and boot sector. assuming you have a common setup (1 hard drive 1 os) here are the instructions.
Be careful this is a measure twice cut once kind of procedure!
XP (see resolution for cause 2, method 1)
http://support.microsoft.com/kb/314503
vista/7
http://support.microsoft.com/kb/927392
Linear Mode
