This time, it looks correct.
We still have this entry remaining:
- O23 - Service: Routing and Remote Access (RemoteAccess) - Unknown owner - C:\WINDOWS\system32\83081\svchost.exe (file missing)

Are you sure, you did this set of commands for RemoteAccess

Go Start>Run, type in:
cmd
Click OK.

At command prompt, type in:
sc stop RemoteAccess
Hit Enter.
Wait for the service to be stopped.

Type in:
sc delete RemoteAccess
Hit Enter.
Wait for confirmation.

OK...DONE....
Please check for the latest hijack log :

================================================== ===

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:34:47 PM, on 5/20/2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Trend Micro\ISVW\UI\Tomcat 4.1\bin\tomcat.exe
C:\Program Files\Trend Micro\ISVW\Web\FTP\isftpd.exe
C:\Program Files\Trend Micro\ISVW\Mail\ISNTSmtp\isntsysmonitor.exe
C:\Program Files\Trend Micro\ISVW\Web\HTTP\IWSSHTTPMain.exe
C:\Program Files\Trend Micro\ISVW\Mail\ISNTSmtp\isntsmtp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\WINDOWS\system32\wmiprvse.exe
C:\WINDOWS\System32\snmp.exe
C:\hp\hpsmh\bin\smhstart.exe
C:\Program Files\Trend Micro\ISVW\Mail\ISNTSmtp\scheduler.exe
C:\WINDOWS\system32\CPQNiMgt\cpqnimgt.exe
C:\WINDOWS\system32\CpqRcmc.exe
C:\WINDOWS\system32\CPQMgmt\CqMgServ\cqmgserv.exe
C:\WINDOWS\system32\CPQMgmt\CqMgStor\cqmgstor.exe
C:\WINDOWS\system32\sysdown.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CPQMgmt\CqMgHost\cqmghost.exe
C:\WINDOWS\system32\cpqteam.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Trend Micro\OfficeScan Client\Apache2\bin\ApacheMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
C:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmproxy.exe
C:\WINDOWS\system32\logon.scr
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cpqteam.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\OfficeScan Client\Apache2\bin\ApacheMonitor.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 192.168.1.88:8188
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [CPQTEAM] cpqteam.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Trend Micro\OfficeScan Client\Apache2\bin\ApacheMonitor.exe
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1229579345093
O17 - HKLM\System\CCS\Services\Tcpip\..\{032E7E77-44F4-4EAD-A74C-FCFFC64811DE}: NameServer = 203.115.225.25,203.115.225.24,161.142.227.17,203.1 21.16.85,161.142.2.17,192.228.128.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{032E7E77-44F4-4EAD-A74C-FCFFC64811DE}: NameServer = 203.115.225.25,203.115.225.24,161.142.227.17,203.1 21.16.85,161.142.2.17,192.228.128.20
O18 - Protocol: hpapp - {24F45006-5BD9-41B7-9BD9-5F8921C8EBD1} - C:\Program Files\Compaq\Cpqacuxe\Bin\hpapp.dll
O23 - Service: Apache2 - Unknown owner - c:\Program Files\Trend Micro\OfficeScan Client\Apache2\bin\Apache.exe (file missing)
O23 - Service: HP Insight NIC Agent (CpqNicMgmt) - Hewlett-Packard Company - C:\WINDOWS\system32\CPQNiMgt\cpqnimgt.exe
O23 - Service: HP ProLiant Remote Monitor Service (CpqRcmc) - Hewlett-Packard Company - C:\WINDOWS\system32\CpqRcmc.exe
O23 - Service: HP Version Control Agent (cpqvcagent) - Hewlett-Packard Company - C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe
O23 - Service: HP Insight Foundation Agents (CqMgHost) - Hewlett-Packard Company - C:\WINDOWS\system32\CPQMgmt\CqMgHost\cqmghost.exe
O23 - Service: HP Insight Server Agents (CqMgServ) - Hewlett-Packard Company - C:\WINDOWS\system32\CPQMgmt\CqMgServ\cqmgserv.exe
O23 - Service: HP Insight Storage Agents (CqMgStor) - Hewlett-Packard Company - C:\WINDOWS\system32\CPQMgmt\CqMgStor\cqmgstor.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterScan VirusWall Management Console - Alexandria Software Consulting - C:\Program Files\Trend Micro\ISVW\UI\Tomcat 4.1\bin\tomcat.exe
O23 - Service: InterScan VirusWall for FTP (ISFTPD) - Trend Micro, Inc. - C:\Program Files\Trend Micro\ISVW\Web\FTP\isftpd.exe
O23 - Service: InterScan VirusWall System Monitor (ISNTSysMonitor) - Trend Micro Inc. - C:\Program Files\Trend Micro\ISVW\Mail\ISNTSmtp\ISNTSysMonitor.exe
O23 - Service: InterScan VirusWall for HTTP (ISVWHTTP) - Trend Micro Inc. - C:\Program Files\Trend Micro\ISVW\Web\HTTP\IWSSHTTPMain.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: Protected Storage Manager (rspp) - Unknown owner - cmd /c start C:\WINDOWS\system32\wmiprvse.exe (file missing)
O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - Service: HP ProLiant System Shutdown Service (sysdown) - Compaq Computer Corporation - C:\WINDOWS\system32\sysdown.exe
O23 - Service: HP System Management Homepage (SysMgmtHP) - Hewlett-Packard Company - C:\hp\hpsmh/bin/smhstart.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\..\BM\TMBMSRV.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
O23 - Service: Trend Micro Client/Server Security Agent Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe

--
End of file - 8960 bytes


================================================== ===

Your computer is clean

1. Download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Unselect Cookies.
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Unselect Cookies.
Click the Empty Selected button.


If you use Opera browser
Click Opera at the top and choose: Select All
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Unselect Cookies.
Click the Empty Selected button.


Click Exit on the Main menu to close the program.

2. Turn off System Restore:

- Windows XP:
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore".
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
- Windows Vista:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK

3. Restart computer.

4. Turn System Restore on.

5. Make sure, Windows Updates are current.

6. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

7. Download, and install WOT (Web OF Trust): Internet Security | WOT Web of Trust. It'll warn you (in most cases) about dangerous web sites.

8. Read How did I get infected?, With steps so it does not happen again!: How did I get infected?

9. Let me know, how is your computer doing.

I had done what you had advise.....

But my server was windows server 2003 , how can I turn off the system restore ?

I'm sorry. I keep forgetting, you're with Windows Server 2003.
In your OS, System Restore is not installed by default, so you don't have to worry about that particular step.
However, it's possible to install System Restore in your OS, and it's a really good idea.
How to: How to install/Enable System restore on Win server 2003 | Windows Reference

Even better...
I recommend, you use Erunt: ERUNT and NTREGOPT
Manual: Using ERUNT for backing up the registry
In my opinion, it's better, then System Restore, and I use it on all my Windows versions.

Since you're not complaining about any other issues, I'll mark this thread as resolved.

broni ... thanks you so much for your advise...
my server now look like stable already...... feel faster compare with previuosly....

Thanks for you help !!