audit our website code to get rid of malware/exploited files

We need someone to audit the scripts in two of our websites: [login to view URL] and [login to view URL] -- JaguarPC, the company that hosts our websites, informed us that two of our websites may be hosting malware/exploited files. Because of this, they've taken both sites offline. We need someone who knows how to troubleshoot this issue to log into our two websites and audit those two accounts in order to identify any other malicious/suspicious scripts other than the ones JaguarPC sent us and remove/clean any such files. Here's copy of the message we received from JaguarPC: ------------------ Hello, During an investigation into malware-related incidents on the server, it has been brought to our attention that an account within your control may be hosting malware/exploited files. Below are the results of a malware scan against your account: ============================ FILE HIT LIST: {CAV}Unix.Malware.Binsh-1 : /home/children/public_html/wlp/30 {HEX}perl.shell.iskorpitx.183 : /home/children/public_html/wlp/[login to view URL] {MD5}exp.linux.unclassed.10522 : /home/children/public_html/wlp/2009 We had no choice but to restrict access to the account in order to prevent further unwanted account activity. Please audit your entire account in an attempt to identify any other malicious/suspicious scripts, and remove/clean any such files. Please also review and implement the following suggestions, and perform them on a regular basis: 1- Immediately change FTP password of your account to a stronger one. 2- Ensure that the computers you are using to access your hosting account with us are secure and network is protected by a firewall. 3- Contact your developer to conduct a thorough audit of your account to remove any vulnerable scripts. 4- Check the access logs of your account to get an idea who accessed your system. 5- Use SFTP instead of normal FTP to upload files to your account. 6- Ensure that all 3rd party scripts/themes/plugins/etc are updated to the most recent/secure versions available. Once you're in a position to address the matter, please provide us with your local IP address so that we can allow access to your IP. In order to obtain your local IP, you may visit the following URL and provide us with the result: [login to view URL] Should you have any questions or concerns at all regarding this notice, please don't hesitate to let us know, we're here to help.