Let me make it easy as your friend already changed the OS, so better let’s try to go with an easy method to get rid of it first, instead of making any restore point or considering to go with decrypt option (it may cost to buy the tool freeware won’t do much).
Just mentioning this for your knowledge, Until unless you wipe the entire partitions or deleted the one which an OS installed in it, Restore point ain’t going anywhere, it’s just another method to get them started, normally unless anyone set the restore point it won’t get started to restore at any stage, especially, windows 10, user has to enable restore point setting because by default it’s disabled.
Anyways, let’s move on to the basic point. Just do as I’m going to mention below, it’s not that tough.
1. Download these programs once via another PC/Laptop and keep them into USB/Flash.
2. Now connect the USB (Do not auto-play or open the USB by double-clicking) just open ‘‘File Explorer’’ from left side list, Right-click on USB and open it into ‘‘Open in a new window’’. now install SpyHunter, scan the whole system. trash ransomware. now install HitmanPro, do the same, after that install the Malwarebytes, do the same. While you do that Do not open any drive or partition. Hopefully, you have scanned the whole system and trashed the entires.
3. Now Install a Fresh clean OS installation. actually fresh clean install meant to delete the partition and create it over again, this method is used by Pirates (Me as well), because they never Bot system from the same HDD which has personal files data among. there is always a separate HDD for internal use (SSD as well) and other Drive as in External use. So if your friend has the same things, then do as I mentioned above, otherwise, just Format the partition and install OS if he has 1 HDD with specific partitions.
4. Like I said, above, install a fresh OS, once it gets done, Do not open any partition or a file from PC. do the same method that mentioned above, connect USB, open in a new window, install those 3 programs one by one and scan system. and reboot. (It’s double-check thing) I’m sure after installing an OS and using the program before and after, your friend will get rid of those extensions.
Do let me know once you do all this.
I’m marking the thread as solved because it’s under our consideration and we will keep discussing unless problem get fixed.
EDITED: decrypting method and guide added below by @TheJoker!