I would really recommend that you set your server up anew and change all your passwords; that's the safest route you can take. The password change is absolutely mandatory. Don't use the same passwords on the new system.
I really advise against using the compromised system, since you can never be sure that you really managed to completely sanitize it. If you still want to try it, here's what I can say about your situation:
Apparently your Apache web server has been compromised, and it's extremely probable that the attacker used either WordPress or phpBB; WordPress especially has been known to be a large attack vector. Now your web server is executing at least one PHP script the attacker injected, which tries to "phone home" via sendmail, which apparently isn't installed; this is what saved you so far. If your server has been configured correctly, Apache and therefore the PHP script can't access or modify anything significant outside of /var/www or whatever directory you use to store your webpages, so there is a really slight possibility that nothing outside of that folder got compromised. I wouldn't bet on it.
As to catching that script: You can try to set `LogLevel debug` in your httpd.conf, but PHP has been known for its rather lacking logging capabilities. There's also a possibility that you already deleted the script when you removed the unknown files and that a restart will remove the malicious code. But it can also be that the attacker injected another hidden script that redownloads the files, if they are missing, once the service gets restarted.
Long story short: Be safe, reinstall the server, change all the passwords and keys, and check installed WordPress/phpBB plugins/mods for known vulnerabilities to prevent reinfection.
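
One way to narrow down which PHP file is trying to reach sendmail, as an added example that is not part of the original answer: the script below lists PHP files under a web root that call `mail()` or a process-spawning function and marks the ones changed recently. The function name `find_mail_callers`, the list of PHP functions searched for, and the 7-day default are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original answer): triage a web root for PHP
# files that can send mail or spawn a process such as sendmail.

# PHP functions that send mail directly or can start an external program.
# The leading character class skips method calls (->exec, ::exec) and
# longer names such as wp_mail(). This list is an assumption, not exhaustive.
PATTERN='(^|[^A-Za-z0-9_>:])(mail|mb_send_mail|popen|proc_open|exec|shell_exec|system|passthru)[[:space:]]*\('

# find_mail_callers WEBROOT [DAYS]
# Prints one line per matching file:
#   RECENT <path>   modified within the last DAYS days (default 7)
#   OLD <path>      matching file that was modified earlier
find_mail_callers() {
    webroot=$1
    days=${2:-7}
    find "$webroot" -type f \
        \( -name '*.php' -o -name '*.phtml' -o -name '*.inc' \) -print |
    while IFS= read -r f; do
        # Only report files that contain one of the calls above.
        if grep -Eq "$PATTERN" "$f"; then
            if [ -n "$(find "$f" -mtime "-$days" -print)" ]; then
                echo "RECENT $f"
            else
                echo "OLD $f"
            fi
        fi
    done | sort
}

# Run directly, e.g.:  sh scan.sh /var/www 14
if [ "$#" -gt 0 ]; then
    find_mail_callers "$@"
fi
```

A hit is only a candidate for review, since legitimate application code also calls these functions; compare RECENT entries against a clean copy of the same WordPress or phpBB release.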