Firstly thank you for looking at this post.
I have a windows XP sp3 system that yesterday became infected with cryptowall 3.0
It used group policys to lock out AVG and MBAM from running, and then went nuts throughout the system.
I used ESET Online scanner, mbam, mbar and avg on the system.
currently it is mostly stable, except for a 2nd explorer.exe that spawns and initiates outgoing connections to the web.
I used process hacker to watch what was going on and to suspend the process. If I kill it, it respawns fairly quickly, and says it was spawned by the true explorer.exe process.
I have done an sfc /scannow , netsh winsock reset , reinstalled sp3. all to no avail.
please advise if you can