unknown_html_RFI_shell on website flagged

See: https://www.virustotal.com/nl/url/e1f93b82ec8f205a5b1e0a5fc68f63ef46e416e2c892dce69e89b3a93ec90bf7/analysis/1412084067/
List of blacklisted external links: 9
-gessodrywallsp.com//divisorias-em-gesso-drywall-paredes-escritorios-sao-paulo/attachment/preco-drywalls-5#respond
-gessodrywallsp.com/ssodrywallsp.com/obras-portiforio-drywall-sp
-gessodrywallsp.com/#respond
-gessodrywallsp.com//divisorias-em-gesso-drywall-paredes-escritorios-sao-paulo/attachment/drywallforro#respond
-gessodrywallsp.com//divisorias-em-gesso-drywall-paredes-escritorios-sao-paulo/attachment/paredegesso#respond
-gessodrywallsp.com//divisorias-em-gesso-drywall-paredes-escritorios-sao-paulo/attachment/sancaaberta-3#respond
-gessodrywallsp.com//divisorias-em-gesso-drywall-paredes-escritorios-sao-paulo/attachment/emailfaustinooficial#respond
-gessodrywallsp.com/mailto:gessospgesso@hotmail.com
-gessodrywallsp.com//divisorias-em-gesso-drywall-paredes-escritorios-sao-paulo/attachment/garantia-drywall#respond

Suspicious iFrame check: Suspicious: htxp://gessodrywallsp.com/ferramenta_calculo/ ’

Scan for: htxp://gessodrywallsp.com
Hostname: gessodrywallsp dot com
IP address: 200.98.247.27

System Details:
Running on: Microsoft-IIS/7.0 (exessive header info warning & clickjacking warning)
Powered by: ASP.NET

Web application details:
Application: WordPress 2.9.2 - http://www.wordpress.org

Web application version:
WordPress version: WordPress 2.9.2
Wordpress Version 2.9.x based on: htxp://gessodrywallsp.com/wp-includes/js/autosave.js
WordPress directory: htxp://gessodrywallsp.com/wp-content
WordPress theme: htxp://gessodrywallsp.com/wp-content/themes/elegant-grunge/
WordPress version outdated: Upgrade required.
Outdated WordPress Found: WordPress Under 3.9.1

Security Header analysis: Summary
Number of Happy Findings: 2
Number of Not As Happy Findings: 8
Percentage Happy Findings: 20%

polonus