Weird things happening to Windows 2008 Standard file server

i all,

We have Windows 2008 installed on our Dell server and we are using as file server with SQL database, recently I found out someone gets in our server and keeps installing toolbars, that may be auto robot installing, I have no idea, when I check history of firefox I see facebook.com, google.com some paid survey websites, links to download toolbars, I mean bunch of stuffs, I uninstalled all kind of toolbars and everything I see suspicious, changed username and passwords, changed RDP port numbers, I mean everything I can think of..
I though I was good then today I found out more toolbars installed after business hours when no-body, literary no one had access to our office, no history from firefox though but 4 toolbars installed today at 8pm (everybody leaves at 5PM)


Scanned server using Super antispywarebytes + malwarebytes, both scanners find following as trojan;

"Operating System Information
Windows Server 2008 R2 Standard 64-bit (Build 6.01.7600)
UAC Off - Administrator

Memory items scanned : 574
Memory threats detected : 0
Registry items scanned : 65709
Registry threats detected : 2
File items scanned : 89004
File threats detected : 3

Trojan.Agent/Gen-Nullo[Short]
(x86) HKLM\System\ControlSet001\Services\WAUYKLVM
C:\WINDOWS\SYSTEM32\DRIVERS\JUPDDA.SYS
(x86) HKLM\System\ControlSet001\Enum\Root\LEGACY_WAUYKLVM
C:\WINDOWS\SYSWOW64\ATTRIB.EXE
C:\WINDOWS\SYSWOW64\SECEDIT.EXE
"

Server becomes unbootable If I remove files shown above, specially JUPDDDA.SYS
Windows 2008 just wont boot without it, luckily I had back up from a night before and I was able to restore system but still have this issue, what should I do? how can I get rid of this trojan without affecting boot files.

Thank you

 

Please see attached logs, note malwarebytes wont show anything for some reason but SuperAntiSpyware does find

thank you

 

My bad, I have scanned all again and attached here, (MGTools wont start for some reason) hitman report was too big and I couldnt attached here so link from dropbox: https://www.dropbox.com/s/2pvqoavq1wino4m/HitmanPro_20140615_0129.log

 

There is no protection software installed on Windows 2008 server and MSE is NOT compatible with servers
I guess we will go ahead and re-install Win 2008 as you advised but all our backups been removed by virus as well, so no back up prior virus infection.