Attacked by cryptowall 2.0 - now attempting rebuild


  1. Posts : 4
    Windows 7 pro 64 bit
       #1


    It started on Halloween, is my guess, looking for a pic to carve a pumpkin with. Win 7 was out of memory - I have 24 GB so that was not right. In msconfig startup was a ba025.exe file in two places. Removed and rebooted. Seemed OK until I opened Outlook and my email PST files were encrypted, with instructions in the directory on how to pay ransom for the encryption key. There were 2500+ sets of these instructions in various directories, but not in my main photo folder and other key places. I may have stopped some of the attack. It also put these files on my backup drive but did not affect the backup.

    Using restore I was able to put back my Outlook PST files and open my email.

    I have Trend Micro Maximum Security but it did not stop it.

    I then noticed IE was slow and lots of comm processes were kicking off. I set IE to high security and that stopped. Trend Micro sent me several tools but they all failed during scan. They want 80 bucks to work on it themselves, or free if they send me the tools and I do what I am told to do. As I said, most tools fail. Some just show files that may be a threat.

    I don't know for sure if it is still infected so I am rebuilding. I started with backing up some folders from the C drive that are important and not affected. Then a disk image. I have a backup from before the infection but not a disk image, so I am using my Asus disk to recover by wiping the partition and reinstalling. If this works I then have to apply my Win Pro upgrade to get back to the starting block. Then restore files from backup. Only my C drive and a couple of folders on another drive seem to be encrypted.

    Will I have a problem applying my upgrade? I have the key and the code I received from using key.
    When restoring files is there an easy way to restore everything except the operating system files?
    Restoring by folder shows the entire drive but I can't drill down. Restoring by file does show folders to restore but will any /user files mess up new op sys?

    I will probably know before anyone replies but during restore is there anything else I should look out for?

    Is there a way to prevent this in the future? AV software not catching it. Will avoid unknown sites now that I don't trust my AV software to stop this.
    Last, does anyone know if during the encryption they are able to infect a file, like an image file, so that when opened it will all start over again? All replies are welcome and if you read this far, thanks for your time.


  2. Posts : 4
    Windows 7 pro 64 bit
    Thread Starter
       #2

    All seems well. I had to change cables on the hard drives to get Asus to see my operating system drive as drive 0, but it went smoothly after that. The upgrade to Pro took a long time, over 8 hours, but finished. I am installing updates for Pro now and will finish the important stuff tomorrow. Looks like a disaster has been avoided and my system is clean and running better than ever.


 
