Happy New Year all!

After a lot of work on my part, my site at
http://www.nightowlstaffing.com was ranking very high on Google searches until around Dec. 30th 2010. Suddenly it's not listed anywhere when searching for "2nd shift jobs" or "3rd shift jobs" (those used to be high ranking on the first page). I suspected maybe the site was hacked but now I'm not sure. I installed the latest version of Security Tools v2.1 (thanks for the program Adam!) and I got the results below. Most of them are from my associated WordPress blog at
http://www.nightowlstaffing.com/jobblog If Peter, Adam or anyone has time to review these and let me know if they are real threats and what I should do next I would really appreciate it!
Thanks in advance!
Dennis
Possibly bad code (execution of a shell command) /home/nightowl/public_html/testweb/locate_convert.php on line 5:
$retval = system ("locate convert");
Possibly bad code in (command execution) /home/nightowl/public_html/testweb/locate_convert.php on line 5:
$retval = system ("locate convert");
Possibly bad code (execution of a shell command) /home/nightowl/public_html/admin/suggest_permissions.php on line 118:
exec ('ls -o '.$temp, $output);
Possibly bad code (Common way of hiding malicious code) in /home/nightowl/public_html/jobblog/wp-content/plugins/pretty-link/classes/models/PrliUpdate.php on line 228:
return base64_decode($client->getResponse());
Possibly bad code in (command execution) /home/nightowl/public_html/jobblog/wp-admin/includes/theme.php on line 68:
if ( ! WP_Filesystem($credentials) ) {
Possibly bad code in (command execution) /home/nightowl/public_html/jobblog/wp-admin/includes/class-pclzip.php on line 3222:
// extracted in the filesystem (extract).
Possibly bad code in (command execution) /home/nightowl/public_html/jobblog/wp-admin/includes/file.php on line 514:
* Assumes that WP_Filesystem() has already been called and set up. Does not extract a root-level __MACOSX directory, if present.
Possibly bad code in (command execution) /home/nightowl/public_html/jobblog/wp-admin/includes/file.php on line 570:
* Assumes that WP_Filesystem() has already been called and set up.
Possibly bad code in (command execution) /home/nightowl/public_html/jobblog/wp-admin/includes/file.php on line 652:
* Assumes that WP_Filesystem() has already been called and set up.
Possibly bad code in (command execution) /home/nightowl/public_html/jobblog/wp-admin/includes/file.php on line 724:
* Assumes that WP_Filesystem() has already been called and setup.
Possibly bad code in (command execution) /home/nightowl/public_html/jobblog/wp-admin/includes/file.php on line 774:
function WP_Filesystem( $args = false, $context = false ) {
Possibly bad code in (command execution) /home/nightowl/public_html/jobblog/wp-admin/includes/plugin.php on line 625:
if ( ! WP_Filesystem($credentials) ) {
Possibly bad code in (command execution) /home/nightowl/public_html/jobblog/wp-admin/includes/class-wp-upgrader.php on line 70:
if ( ! WP_Filesystem($credentials) ) {
Possibly bad code in (command execution) /home/nightowl/public_html/jobblog/wp-admin/update-core.php on line 317:
if ( ! WP_Filesystem($credentials, ABSPATH) ) {
Possibly bad code (Common way of hiding malicious code) in /home/nightowl/public_html/jobblog/wp-app.php on line 1457:
explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
Possibly bad code (Common way of hiding malicious code) in /home/nightowl/public_html/jobblog/wp-app.php on line 1462:
explode(':', base64_decode(substr($_SERVER['REDIRECT_REMOTE_USER'], 6)));
Possibly bad code (execution of a shell command) /home/nightowl/public_html/jobblog/wp-includes/class-phpmailer.php on line 438:
if(!@$mail = popen($sendmail, 'w')) {
Dangerous file! (Shell Code / disguised code) /home/nightowl/public_html/jobblog/wp-includes/class-simplepie.php on line 263:
define('SIMPLEPIE_PCRE_HTML_ATTRIBUTE', '((?:[\x09\x0A\x0B\x0C\x0D\x20]+[^\x09\x0A\x0B\x0C\x0D\x20\x2F\x3E][^\x09\x0A\x0B\x0C\x0D\x20\x2F\x3D\x3E]*(?:[\x09\x0A\x0B\x0C\x0D\x20]*=[\x09\x0A\x0B\x0C\x0D\x20]*(?:"(?:[^"]*)"|\'(?:[^\']*)\'|(?:[^\x09\x0A\x0B\x0C\x0D\x20\x22\x27\x3E][^\x09\x0A\x0B\x0C\x0D\x20\x3E]*)?))?)*)[\x09\x0A\x0B\x0C\x0D\x20]*');
Dangerous file! (Shell Code / disguised code) /home/nightowl/public_html/jobblog/wp-includes/class-simplepie.php on line 9183:
if (isset($matches[$i][2][0]) && preg_match_all('/[\x09\x0A\x0B\x0C\x0D\x20]+([^\x09\x0A\x0B\x0C\x0D\x20\x2F\x3E][^\x09\x0A\x0B\x0C\x0D\x20\x2F\x3D\x3E]*)(?:[\x09\x0A\x0B\x0C\x0D\x20]*=[\x09\x0A\x0B\x0C\x0D\x20]*(?:"([^"]*)"|\'([^\']*)\'|([^\x09\x0A\x0B\x0C\x0D\x20\x22\x27\x3E][^\x09\x0A\x0B\x0C\x0D\x20\x3E]*)?))?/', ' ' . $matches[$i][2][0] . ' ', $attribs, PREG_SET_ORDER))
Dangerous file! (Shell Code / disguised code) /home/nightowl/public_html/jobblog/wp-includes/class-simplepie.php on line 10775:
$curl = substr($curl, 5, strcspn($curl, "\x09\x0A\x0B\x0C\x0D", 5));
Dangerous file! (Shell Code / disguised code) /home/nightowl/public_html/jobblog/wp-includes/class-simplepie.php on line 10779:
$curl = substr($curl, 8, strcspn($curl, "\x09\x0A\x0B\x0C\x0D",

);
Dangerous file! (Shell Code / disguised code) /home/nightowl/public_html/jobblog/wp-includes/class-simplepie.php on line 11048:
$space_characters = "\x20\x09\x0A\x0B\x0C\x0D";
Dangerous file! (Shell Code / disguised code) /home/nightowl/public_html/jobblog/wp-includes/class-simplepie.php on line 11255:
elseif (substr($data, 0, 20) === "\x00\x00\x00\x3C\x00\x00\x00\x3F\x00\x00\x00\x78\x00\x00\x00\x6D\x00\x00\x00\x6C")
Dangerous file! (Shell Code / disguised code) /home/nightowl/public_html/jobblog/wp-includes/class-simplepie.php on line 11257:
if ($pos = strpos($data, "\x00\x00\x00\x3F\x00\x00\x00\x3E"))
Dangerous file! (Shell Code / disguised code) /home/nightowl/public_html/jobblog/wp-includes/class-simplepie.php on line 11268:
elseif (substr($data, 0, 20) === "\x3C\x00\x00\x00\x3F\x00\x00\x00\x78\x00\x00\x00\x6D\x00\x00\x00\x6C\x00\x00\x00")
Dangerous file! (Shell Code / disguised code) /home/nightowl/public_html/jobblog/wp-includes/class-simplepie.php on line 11270:
if ($pos = strpos($data, "\x3F\x00\x00\x00\x3E\x00\x00\x00"))
Dangerous file! (Shell Code / disguised code) /home/nightowl/public_html/jobblog/wp-includes/class-simplepie.php on line 11281:
elseif (substr($data, 0, 10) === "\x00\x3C\x00\x3F\x00\x78\x00\x6D\x00\x6C")
Dangerous file! (Shell Code / disguised code) /home/nightowl/public_html/jobblog/wp-includes/class-simplepie.php on line 11294:
elseif (substr($data, 0, 10) === "\x3C\x00\x3F\x00\x78\x00\x6D\x00\x6C\x00")
Dangerous file! (Shell Code / disguised code) /home/nightowl/public_html/jobblog/wp-includes/class-simplepie.php on line 11307:
elseif (substr($data, 0, 5) === "\x3C\x3F\x78\x6D\x6C")
Dangerous file! (Shell Code / disguised code) /home/nightowl/public_html/jobblog/wp-includes/class-simplepie.php on line 13583:
$ws = strspn($this->file->body, "\x09\x0A\x0B\x0C\x0D\x20");
Dangerous file! (Shell Code / disguised code) /home/nightowl/public_html/jobblog/wp-includes/class-simplepie.php on line 13603:
elseif (substr($this->file->body, 0,

=== "\x89\x50\x4E\x47\x0D\x0A\x1A\x0A")
Dangerous file! (Shell Code / disguised code) /home/nightowl/public_html/jobblog/wp-includes/class-simplepie.php on line 13634:
elseif (substr($this->file->body, 0,

=== "\x89\x50\x4E\x47\x0D\x0A\x1A\x0A")
Dangerous file! (Shell Code / disguised code) /home/nightowl/public_html/jobblog/wp-includes/class-simplepie.php on line 14820:
if (preg_match('/(&(#(x[0-9a-fA-F]+|[0-9]+)|[a-zA-Z0-9]+)|<\/[A-Za-z][^\x09\x0A\x0B\x0C\x0D\x20\x2F\x3E]*' . SIMPLEPIE_PCRE_HTML_ATTRIBUTE . '>)/', $data))
Possibly bad code (Common way of hiding malicious code) in /home/nightowl/public_html/jobblog/wp-includes/class-simplepie.php on line 14832:
$data = base64_decode($data);
Dangerous file! (Shell Code / disguised code) /home/nightowl/public_html/jobblog/wp-includes/class-simplepie.php on line 14875:
$data = preg_replace('/(<[A-Za-z][^\x09\x0A\x0B\x0C\x0D\x20\x2F\x3E]*)' . SIMPLEPIE_PCRE_HTML_ATTRIBUTE . trim($attrib) . '(?:\s*=\s*(?:"(?:[^"]*)"|\'(?:[^\']*)\'|(?:[^\x09\x0A\x0B\x0C\x0D\x20\x22\x27\x3E][^\x09\x0A\x0B\x0C\x0D\x20\x3E]*)?))?' . SIMPLEPIE_PCRE_HTML_ATTRIBUTE . '>/', '\1\2\3>', $data);
Possibly bad code (execution of a shell command) /home/nightowl/public_html/jobblog/wp-includes/class-snoopy.php on line 1015:
exec($this->curl_path." -k -D \"$headerfile\"".$cmdline_params." \"".escapeshellcmd($URI)."\"",$results,$return);
Possibly bad code (execution of a shell command) /home/nightowl/public_html/jobblog/wp-includes/Text/Diff/Engine/shell.php on line 50:
$diff = shell_exec($this->_diffCommand . ' ' . $from_file . ' ' . $to_file);
Possibly bad code (Common way of hiding malicious code) in /home/nightowl/public_html/jobblog/wp-includes/class-IXR.php on line 249:
$value = base64_decode( trim( $this->_currentTagContents ) );
Possibly bad code (execution of a shell command) /home/nightowl/public_html/jobblog/wp-includes/js/tinymce/plugins/spellchecker/classes/PSpellShell.php on line 31:
$data = shell_exec($cmd);
Possibly bad code (execution of a shell command) /home/nightowl/public_html/jobblog/wp-includes/js/tinymce/plugins/spellchecker/classes/PSpellShell.php on line 75:
$data = shell_exec($cmd);