Theme PHP File

Hi! I did a scan on my site that is still in the process of being build and the following critical messages came up. I think the site was hacked, and these are just a couple of the messages that I’m getting. Do these seem valid to you and if so, how should I fix them? Thanks!

This file may contain malicious executable code
Filename: wp-content/themes/grunge-style/template.php
File type: Not a core, theme or plugin file.
Issue first detected: 3 days 14 hours ago.
Severity: Critical
Status Ignoring this file until it changes
This file is a PHP executable file and contains an eval() function and base64() decoding function on the same line. This is a common technique used by hackers to hide and execute code. If you know about this file you can choose to ignore it to exclude it from future scans.

File is an old version of TimThumb which is vulnerable.
Filename: wp-content/themes/grunge-style-adfree/includes/timthumb.php
File type: Not a core, theme or plugin file.
Issue first detected: 3 days 14 hours ago.
Severity: Critical
Status New
This file appears to be an old version of the TimThumb script which makes your system vulnerable to attackers. Please upgrade the theme or plugin that uses this or remove it.