Without seeing what exactly is in the machine its going to be tough to clean it out. Crypt.AHX is a generic naming of an infection, I know F-Secure has it in their definitions.
With any infection you believe is "jumping" from machine to machine, there is a strong possibility that the entire network is infected. Any machine that is connected to the net there might have the capability to spread the infection, possibly through contact lists (bad if you have customers info). I would recommend dropping the network until its cleaned up, if you believe the infection is replicating itself on other machines.
Cleaning one machine might give you some idea what's going on in the others, but remember malware can come bundled with other stuff.
As this seems to be a business application, I would think you would be best served by hiring someone to give you a hand. You can revisit HERE
and read the preparation guide, and then post the logs requested. Be prepared, there is a bit of a backlog in answering requests for help right now.
I must caution you about launching tools on your own, some of the things used here will destroy an OS or programs if run incorrectly. The use of tools on a server platform can be deadly to the machine. You seem knowledgeable, but you are getting into an area most IT people don't deal with. Please use caution.