Remove Malicious Code in Catchbox Pro Files

I got an email last October from my service provider indicating that I have 8 files with malicious software and I should contact Site Lock to have them removed. There were some negative comments about Site Lock on the web so I didn’t take the email seriously but I discovered very recently that if you do a Google search and my site comes up, there is a message saying it may have been hacked. I went into webmaster tools and looked at the Security tab and it said I had no issues. I contacted my service provider who reiterated that the following 8 files are infected (same ones as in their October email) and they seem to want me to delete them. I list the files below 2 of which are Catchbox files. Any suggestions on how I should proceed? I’m concerned that Catchbox may not work if I start deleting files. My web skills are limited. I wrote the site in Wordpress and can do basic stuff but nothing more. I got expert assistance to add some bells and whistles. /public_html/wp-includes/images/smilies/themes.php: {HEX}php.cmdshell.unclassed.344.UNOFFICIAL FOUND /public_html/wp-includes/images/wlw/credits.php: JCDEF.PHP.CMDSHELL-01.UNOFFICIAL FOUND /public_html/wp-includes/images/wlw/gettext.pl: {HEX}PHP.C99-7.UNOFFICIAL FOUND /public_html/wp-includes/images/wlw/widgets.php: SiteLock-PHP-SHELL-md5-djx.UNOFFICIAL FOUND /public_html/wp-content/themes/catch-box-pro/functions.php: LONGDEF.PHP.Spam-Links-009N.UNOFFICIAL FOUND /public_html/wp-content/themes/catch-box-pro/colors/css.php: JCDEF.PHP.CMDSHELL-01.UNOFFICIAL FOUND /public_html/wp-content/themes/twentyfourteen/genericons/font/sidebar.pl: {HEX}PHP.C99-7.UNOFFICIAL FOUND /public_html/wp-content/plugins/contact-form-7/includes/second.php: SiteLock-PHP-SHELL-md5-djx.UNOFFICIAL FOUND Adam