incrediBILL - 5:58 pm on Mar 1, 2012 (gmt 0)
Do you do regular software updates for the whole server?
I can tell you right now that it's possibly ANYTHING, including your server software itself, even PHP itself that's possibly vulnerable so I wouldn't focus too much on just one script.
I wouldn't waste time trying to fix an existing box as you may never find some root kits.
In the end, having done this a time or two, you're probably going to spend more time cleaning an existing box and messing around than simply moving and still may not fix it entirely unless you reformat and reload from scratch.
I'd have a new server provisioned ASAP and migrate to it and upgrade PHP scripts and whatever else you have installed as part of the migration process.
Otherwise you might just get hacked over and over and...