GGS Shell Checking System
===Shell Check List===
/home/bozauto/public_html//wp-includes/class-http.php: Suspicious(fsockopen): $request_order = array( 'curl', 'streams', 'fsockopen' );
/home/bozauto/public_html//wp-includes/class-simplepie.php: Suspicious(fsockopen): * fsockopen() file source
/home/bozauto/public_html//wp-includes/js/plupload/license.txt: Suspicious(Hacker): `Gnomovision' (which makes passes at compilers) written by James Hacker.
/home/bozauto/public_html//wp-includes/js/tinymce/plugins/spellchecker/classes/GoogleSpell.php: Suspicious(fsockopen): $fp = fsockopen("ssl://" . $server, $port, $errno, $errstr, 30);
$data = shell_exec($cmd);
/home/bozauto/public_html//wp-includes/js/tinymce/plugins/spellchecker/rpc.php: Suspicious(fsockopen): $socket = fsockopen($url['host'], intval($url['port']), $errno, $errstr, 30);
/home/bozauto/public_html//wp-includes/js/tinymce/license.txt: Suspicious(Hacker): library `Frob' (a library for tweaking knobs) written by James Random Hacker.
/home/bozauto/public_html//wp-includes/SimplePie/File.php: Suspicious(fsockopen): * Supports HTTP 1.0 via cURL or fsockopen, with spotty HTTP 1.1 support
/home/bozauto/public_html//wp-includes/SimplePie/Sanitize.php: Suspicious(fsockopen): var $force_fsockopen = false;
/home/bozauto/public_html//wp-includes/SimplePie/Misc.php: Suspicious(r57): case 'isoir57':
/home/bozauto/public_html//wp-includes/class-snoopy.php: Suspicious(fsockopen): if($fp = fsockopen(
/home/bozauto/public_html//wp-includes/class-phpmailer.php: Suspicious(root@): public $From = 'root@localhost';
/home/bozauto/public_html//wp-includes/class-smtp.php: Suspicious(fsockopen): $this->smtp_conn = @fsockopen($host, // the host of the server
/home/bozauto/public_html//wp-includes/class-pop3.php: Suspicious(fsockopen): $fp = @fsockopen("$server", $port, $errno, $errstr);
* This class uses the Unix `diff` program via shell_exec to compute the
/home/bozauto/public_html//wp-includes/ID3/module.audio-video.riff.php: Suspicious(hacked): MDVD Alex MicroDVD Video (hacked MS MPEG-4) (www.tiasoft.de)
/home/bozauto/public_html//wp-includes/ID3/getid3.php: Suspicious(open_basedir): // sys_get_temp_dir() may give inaccessible temp dir, e.g. with open_basedir on virtual hosts
/home/bozauto/public_html//wp-includes/ID3/getid3.lib.php: Suspicious(Windows-1251): case 'Windows-1251':
/home/bozauto/public_html//wp-includes/ID3/module.audio.ogg.php: Suspicious(base64_decode): $flac->setStringMode(base64_decode($ThisFileInfo_ogg_comments_raw[$i]['value']));
/home/bozauto/public_html//wp-includes/ID3/module.audio-video.quicktime.php: Suspicious(hacked): $QuicktimeSTIKLookup[5] = 'Whacked Bookmark';
/home/bozauto/public_html//wp-includes/class-feed.php: Suspicious(fsockopen): function __construct($url, $timeout = 10, $redirects = 5, $headers = null, $useragent = null, $force_fsockopen = false) {
/home/bozauto/public_html//wp-includes/class-IXR.php: Suspicious(base64_decode): $value = base64_decode($this->_currentTagContents);
RewriteRule ^index\.php$ - [L]
/home/bozauto/public_html//wp-content/upgrade/wordpress-3.tmp/wordpress/wp-includes/class-http.php: Suspicious(fsockopen): $request_order = array( 'curl', 'streams', 'fsockopen' );
/home/bozauto/public_html//wp-content/upgrade/wordpress-3.tmp/wordpress/wp-includes/class-simplepie.php: Suspicious(fsockopen): * fsockopen() file source
/home/bozauto/public_html//wp-content/upgrade/wordpress-3.tmp/wordpress/wp-includes/js/plupload/license.txt: Suspicious(Hacker): `Gnomovision' (which makes passes at compilers) written by James Hacker.
/home/bozauto/public_html//wp-content/upgrade/wordpress-3.tmp/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/GoogleSpell.php: Suspicious(fsockopen): $fp = fsockopen("ssl://" . $server, $port, $errno, $errstr, 30);
$data = shell_exec($cmd);
/home/bozauto/public_html//wp-content/upgrade/wordpress-3.tmp/wordpress/wp-includes/js/tinymce/plugins/spellchecker/rpc.php: Suspicious(fsockopen): $socket = fsockopen($url['host'], intval($url['port']), $errno, $errstr, 30);
/home/bozauto/public_html//wp-content/upgrade/wordpress-3.tmp/wordpress/wp-includes/js/tinymce/license.txt: Suspicious(Hacker): library `Frob' (a library for tweaking knobs) written by James Random Hacker.
/home/bozauto/public_html//wp-content/upgrade/wordpress-3.tmp/wordpress/wp-includes/SimplePie/File.php: Suspicious(fsockopen): * Supports HTTP 1.0 via cURL or fsockopen, with spotty HTTP 1.1 support
/home/bozauto/public_html//wp-content/upgrade/wordpress-3.tmp/wordpress/wp-includes/SimplePie/Sanitize.php: Suspicious(fsockopen): var $force_fsockopen = false;
/home/bozauto/public_html//wp-content/upgrade/wordpress-3.tmp/wordpress/wp-includes/SimplePie/Misc.php: Suspicious(r57): case 'isoir57':
/home/bozauto/public_html//wp-content/upgrade/wordpress-3.tmp/wordpress/wp-includes/class-snoopy.php: Suspicious(fsockopen): if($fp = fsockopen(
/home/bozauto/public_html//wp-content/upgrade/wordpress-3.tmp/wordpress/wp-includes/class-phpmailer.php: Suspicious(root@): public $From = 'root@localhost';
/home/bozauto/public_html//wp-content/upgrade/wordpress-3.tmp/wordpress/wp-includes/class-smtp.php: Suspicious(fsockopen): $this->smtp_conn = @fsockopen($host, // the host of the server
/home/bozauto/public_html//wp-content/upgrade/wordpress-3.tmp/wordpress/wp-includes/class-pop3.php: Suspicious(fsockopen): $fp = @fsockopen("$server", $port, $errno, $errstr);
* This class uses the Unix `diff` program via shell_exec to compute the
/home/bozauto/public_html//wp-content/upgrade/wordpress-3.tmp/wordpress/wp-includes/ID3/module.audio-video.riff.php: Suspicious(hacked): MDVD Alex MicroDVD Video (hacked MS MPEG-4) (www.tiasoft.de)
/home/bozauto/public_html//wp-content/upgrade/wordpress-3.tmp/wordpress/wp-includes/ID3/getid3.php: Suspicious(open_basedir): // sys_get_temp_dir() may give inaccessible temp dir, e.g. with open_basedir on virtual hosts
/home/bozauto/public_html//wp-content/upgrade/wordpress-3.tmp/wordpress/wp-includes/ID3/getid3.lib.php: Suspicious(Windows-1251): case 'Windows-1251':
/home/bozauto/public_html//wp-content/upgrade/wordpress-3.tmp/wordpress/wp-includes/ID3/module.audio.ogg.php: Suspicious(base64_decode): $flac->setStringMode(base64_decode($ThisFileInfo_ogg_comments_raw[$i]['value']));
/home/bozauto/public_html//wp-content/upgrade/wordpress-3.tmp/wordpress/wp-includes/ID3/module.audio-video.quicktime.php: Suspicious(hacked): $QuicktimeSTIKLookup[5] = 'Whacked Bookmark';
/home/bozauto/public_html//wp-content/upgrade/wordpress-3.tmp/wordpress/wp-includes/class-feed.php: Suspicious(fsockopen): function __construct($url, $timeout = 10, $redirects = 5, $headers = null, $useragent = null, $force_fsockopen = false) {
/home/bozauto/public_html//wp-content/upgrade/wordpress-3.tmp/wordpress/wp-includes/class-IXR.php: Suspicious(base64_decode): $value = base64_decode($this->_currentTagContents);
/home/bozauto/public_html//wp-content/upgrade/wordpress-3.tmp/wordpress/wp-content/themes/twentythirteen/fonts/LICENSE.txt: Suspicious(Hacker): `Gnomovision' (which makes passes at compilers) written by James Hacker.
/home/bozauto/public_html//wp-content/upgrade/wordpress-3.tmp/wordpress/wp-admin/includes/class-ftp-pure.php: Suspicious(fsockopen): * FTP implementation using fsockopen to connect.
/home/bozauto/public_html//wp-content/upgrade/wordpress-3.tmp/wordpress/wp-admin/includes/file.php: Suspicious(fsockopen): * The priority of the Transports are: Direct, SSH2, FTP PHP Extension, FTP Sockets (Via Sockets class, or fsockopen())
/home/bozauto/public_html//wp-content/upgrade/wordpress-3.tmp/wordpress/license.txt: Suspicious(Hacker): `Gnomovision' (which makes passes at compilers) written by James Hacker.
/home/bozauto/public_html//wp-content/uploads/2013/06/RED-SPADE-MALE-MEDIUM-166x300.jpg: Suspicious(c99):
/home/bozauto/public_html//wp-content/uploads/2013/06/BOZLOGO-1100x100.png: Suspicious(c99):
/home/bozauto/public_html//wp-content/uploads/2013/06/TRUCK-LAMPS-684x100.jpg: Suspicious(c99):
/home/bozauto/public_html//wp-content/uploads/2013/05/Untitled-2.png: Suspicious(c99):
/home/bozauto/public_html//wp-content/plugins/wp-e-commerce-call-for-price/license.txt: Suspicious(Hacker): `Gnomovision' (which makes passes at compilers) written by James Hacker.
/home/bozauto/public_html//wp-content/plugins/akismet/akismet.php: Suspicious(fsockopen): if( false != ( $fs = @fsockopen( $http_host, $port, $errno, $errstr, 10 ) ) ) {
/home/bozauto/public_html//wp-content/plugins/akismet/admin.php: Suspicious(fsockopen): if ( !function_exists('fsockopen') || !function_exists('gethostbynamel') ) {
/home/bozauto/public_html//wp-content/plugins/nextgen-gallery/lib/rewrite.php: Suspicious(hacker): //DD32 recommend : http://groups.google.com/group/wp-hackers/browse_thread/thread/50ac0d07e30765e9
/home/bozauto/public_html//wp-content/plugins/nextgen-gallery/lib/imagemagick.inc.php: Suspicious(passthru): // very often exec()or passthru() is disabled. No chance for Imagick
/home/bozauto/public_html//wp-content/plugins/use-google-libraries/gpl-2.0.txt: Suspicious(Hacker): `Gnomovision' (which makes passes at compilers) written by James Hacker.
/home/bozauto/public_html//wp-content/plugins/wp-e-commerce/screenshot-4.png: Suspicious(JIKO):
/home/bozauto/public_html//wp-content/plugins/wp-e-commerce/wpsc-shipping/ups_20.php: Suspicious(base64_decode):
/home/bozauto/public_html//wp-content/plugins/wp-e-commerce/wpsc-includes/nusoap/nusoap.php: Suspicious(fsockopen): $this->debug('calling fsockopen with host ' . $host . ' connection_timeout ' . $connection_timeout);
/home/bozauto/public_html//wp-content/plugins/wp-e-commerce/wpsc-includes/nusoap/class.soap_transport_http.php: Suspicious(fsockopen): $this->debug('calling fsockopen with host ' . $host . ' connection_timeout ' . $connection_timeout);
/home/bozauto/public_html//wp-content/plugins/wp-e-commerce/wpsc-includes/nusoap/class.soap_server.php: Suspicious(fpassthru): fpassthru($fp);
/home/bozauto/public_html//wp-content/plugins/wp-e-commerce/wpsc-includes/nusoap/class.soap_parser.php: Suspicious(return base64_decode(): return base64_decode($value);
/home/bozauto/public_html//wp-content/plugins/wp-e-commerce/wpsc-admin/display-upgrades.page.php: Suspicious(fsockopen): if ( false != ( $fs = @fsockopen( 'instinct.co.nz', 80, $errno, $errstr, 10 ) ) ) {
/home/bozauto/public_html//wp-content/plugins/wp-e-commerce/wpsc-merchants/library/googleresponse.php: Suspicious(base64_decode): base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'],
/home/bozauto/public_html//wp-content/gallery/slider1/alternator1.jpg: Suspicious(c99):
/home/bozauto/public_html//wp-content/themes/twentythirteen/fonts/LICENSE.txt: Suspicious(Hacker): `Gnomovision' (which makes passes at compilers) written by James Hacker.
/home/bozauto/public_html//wp-config.php: Suspicious(c99): define('LOGGED_IN_KEY', 'obxnc996865vt14dvlhwyu1ejlu62lsca3xogfnle8shfk4oqtoepopdbco52wxc');
/home/bozauto/public_html//wp-admin/includes/class-ftp-pure.php: Suspicious(fsockopen): * FTP implementation using fsockopen to connect.
/home/bozauto/public_html//wp-admin/includes/file.php: Suspicious(fsockopen): * The priority of the Transports are: Direct, SSH2, FTP PHP Extension, FTP Sockets (Via Sockets class, or fsockopen())
/home/bozauto/public_html//oldsite/jotform/lib/recaptcha/recaptchalib.php: Suspicious(fsockopen): if( false == ( $fs = @fsockopen($host, $port, $errno, $errstr, 10) ) ) {
/home/bozauto/public_html//oldsite/scripts/fsbb/fsbb.php: Suspicious(base64_decode): $val=base64_decode($value);
/home/bozauto/public_html//license.txt: Suspicious(Hacker): `Gnomovision' (which makes passes at compilers) written by James Hacker.
===ClamAv Check List===
/home/bozauto/public_html/wp-content/plugins/wp-e-commerce/wpsc-core/js/swfupload/swfupload.swfobject.js: SecuriteInfo.com.HTML.Framer.16090.14174.12502.UNOFFICIAL FOUND
/home/bozauto/public_html/wp-content/themes/mantra/header.php: SecuriteInfo.com.JS.Redir.16479.28327.28701.UNOFFICIAL FOUND
/home/bozauto/public_html/wp-content/themes/mantra/footer.php: SecuriteInfo.com.JS.Redir.16479.28327.28701.UNOFFICIAL FOUND
----------- SCAN SUMMARY -----------
Known viruses: 4876407
Engine version: 0.99.1
Scanned directories: 491
Scanned files: 5993
Infected files: 3
Data scanned: 100.69 MB
Data read: 202.62 MB (ratio 0.50:1)
Time: 62.493 sec (1 m 2 s)
===Maldet Check List===
{CAV} SecuriteInfo.com.HTML.Framer.16090.14174.12502 : /home/bozauto/public_html/wp-content/plugins/wp-e-commerce/wpsc-core/js/swfupload/swfupload.swfobject.js
{CAV} SecuriteInfo.com.JS.Redir.16479.28327.28701 : /home/bozauto/public_html/wp-content/themes/mantra/header.php
{CAV} SecuriteInfo.com.JS.Redir.16479.28327.28701 : /home/bozauto/public_html/wp-content/themes/mantra/footer.php
{CAV} SecuriteInfo.com.JS.Agent-2798 : /tmp/sess_0qs85i3rornm6a32idmsrrpcd5
{CAV} SecuriteInfo.com.JS.Agent-2798 : /var/tmp/sess_0qs85i3rornm6a32idmsrrpcd5
===Image Check List===
./oldsite/images/untitled.bmp: PC bitmap, Windows 3.x format, 17 x 28 x 8
./oldsite/images/arrow02.gif: PC bitmap, Windows 3.x format, 17 x 28 x 8