Hot Kiss problems

I have been infected by the edvan solutions xxxserver /hot kiss scam. I have downloaded 'Spybot Search & Destroy', 'Adaware' and 'Hijackthis' software to detect potentially problem files. I have deleted suspect problem files in safe mode. The following is a list of files hijackthis thinks are still potential problems. I would appreciate your advice with these files and any instruction as to problem files and info on their removal. Thank you for your help.
Mr Reeve



Logfile of HijackThis v1.97.7
Scan saved at 16:13:32, on 09/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\OSA.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Stuart\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.supanet.com/search/iepanel/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.supanet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Supanet Internet Explorer
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [Soundmx] C:\WINDOWS\System32\soundmx.exe
O4 - HKLM\..\Run: [System Process] C:\WINDOWS\csrss.exe /i
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\OSA.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office10\OSA.EXE
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: ADVFN US - http://usa.advfn.com/advfn_us8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab

I know advfn is OK. I am suspicious of 'mHotkey.exe' and 'csrss.exe' and 'msmsgs.exe'.
Appreciate your help.

[Pieter_Arntz]

Hi Mr Reeve,

Before you start please unzip hijackthis.exe to a folder of it´s own. The program creates backups in the folder it is in. In a Temp folder they easily disappear.

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:


O4 - HKLM\..\Run: [Soundmx] C:\WINDOWS\System32\soundmx.exe
O4 - HKLM\..\Run: [System Process] C:\WINDOWS\csrss.exe /i

Download and run CWShredder
Use the Fix button and follow the instructions provided by the program.

Then reboot into safe mode and delete:
C:\WINDOWS\csrss.exe <= ONLY the one in that folder

Regards,

Pieter