Your server is definitely rooted and cannot be cleaned up. The best way it to re-install the machine and apply some security tweaks.
The most important is your kernel which need to be kept updated as such rootkits are uploaded using a security hole in the kernel. You can then enable Apache suexec, PHP suexec, enable open_basedir, disable some php functions using which server side commands can be executed, install CSF firewall, mount /tmp and /dev/shm with noexec,nosuid mode and a few other important changes.