I'm seriously hoping this is just a false positive on our hosting account. We have two separate accounts with Bluehost and they recently shut us down for malware on both sites. When we asked them to investigate and give us specifics, this is what they replied with.
These files are hacker related and the bad code in them needs to be removed or you will need to remove the files completely. However by removing the files completely can effect the site to no longer function.
These files appear to contain malicious code. You will want to review the files and remove the injected code from important files and/or remove unused or invalid files.
...End of message from Bluehost
I removed the path for our username since this is a public form.
The version of W3 Total Cache installed is 0.9.2.8
I know there were some security issues a while back, but we need to know if this is for real or some kind of false trigger on our server.