First, I should mention that perhaps I have WP installed wrong, but this is the first time I've seen behaviour like this.
My setup is that I have WP installed on a main domain, and then in a sub-domain. The subdomain is a folder within the main folder.
So, when scanning, the main domain reports that there are several files that may have malicious executable code - in the subdomain.
The first thing I do before taking the site offline is to scan the subdomain through it's own installation of Wordfence.
*cue the sound of crickets chirping...*
Nothing. The scan comes back clean.
Scan again with the main domain's installation
Immediately it comes back with all of these "infections".
So, the next thing I do is hit the forums and find this post. I don't think I'll delete the files, but I will compare them to the ones in the main domain's installation.
Mark, if required, I still have access set up for you.