Malware evidenced:
-Run an AV scan. Quarantine anything suspicious found.
-Run an AS scan. Ditto.
-Run at least a third scan with a second opinion scanner, preferably one that has a good reputation detecting/removing rootkits.
-Have a HijackThis log checked at a forum that deals with these.
-All OK? System restore Off. Reboot.
-System Restore as you like it.
Assuming you can guarantee you are free of malware, you can have it back on.
It is a darned useful tool, but not to be 100% relied on. I leave mine on but limit the space it can use, to about 4%. I think the default is 12.
And in case it's not obvious, the reason to disable it - which deletes all restore points - at the end of a clean up, is that the trojan/whatever can lurk in a restore point. Should that point ever be activated, likely the trojan will, too.
So once clean, it can go back on.