Paprika
Aug 1, 2006

See attached image.

I have a bunch of Black zones for my socketbufs... It appears to happen daily, at least once a day...

I read this is indicative of possible malware such as DDoS scripts, keep-alive and/or connection timeouts being too high or too many services being run.

1) I have KeepAlive Off and KeepAliveTimeout 5.
2) I don't think I have too many services running:
Code:
 20:21:10  up 13 days,  1:09,  1 user,  load average: 2.12, 3.45, 4.00
96 processes: 95 sleeping, 1 running, 0 zombie, 0 stopped
CPU0 states:   0.3% user   0.0% system    0.0% nice  99.1% iowait   0.0% idle
CPU1 states:   0.1% user   0.1% system    0.0% nice   5.3% iowait  93.3% idle
Mem:  3630040k av, 3570416k used,   59624k free,       0k shrd,   27752k buff
      2994872k active,             152960k inactive
Swap: 8193140k av, 2892888k used, 5300252k free                  564564k cached

  PID USER     PRI  NI  SIZE  RSS SHARE STAT %CPU %MEM   TIME CPU COMMAND
    1 root      15   0  1308  444  1276 S     0.0  0.0   0:00   1 init
14143 root      16   0  1372  524  1320 S     0.0  0.0   0:00   1 syslogd
15403 named     18   0 14852 2292  4676 S     0.0  0.0   0:00   1 named
15720 root      16   0  3456 1120  3348 S     0.0  0.0   0:00   1 sshd
15875 root      16   0  1976  724  1684 S     0.0  0.0   0:00   1 xinetd
17982 root      16   0  9620 2120  2628 S     0.0  0.0   0:00   1 chkservd
20291 root      15   0 45212 3476 43856 S     0.0  0.0   0:00   0 httpd
20348 root      16   0  1364  564  1316 S     0.0  0.0   0:00   1 crond
24186 root      15   0  5704 1044  5348 S     0.0  0.0   0:00   0 pure-ftpd
24189 root      16   0  3344  656  3132 S     0.0  0.0   0:00   0 pure-authd
25661 root      34  19 11568 5752  4180 S N   0.0  0.1   0:00   0 cpanellogd
26023 cpanel    15   0  6068 1172  3392 S     0.0  0.0   0:00   1 stunnel-4.15loc
30182 mailman   17   0  8936 2212  5412 S     0.0  0.0   0:00   0 mailmanctl
30216 mailman   16   0  8876 1980  5364 S     0.0  0.0   0:00   1 python2.4
30332 root      18   0  1328  392  1284 S     0.0  0.0   0:00   0 portsentry
19550 root      17   0  2052  880  1936 S     0.0  0.0   0:00   1 mysqld_safe
19717 mysql     15   0 90692  32M  6368 S     0.0  0.9   0:00   0 mysqld
22301 root      15   0 10328 2976  7952 S     0.0  0.0   0:00   1 cppop
 3420 mailnull  16   0  6640 1520  6008 S     0.0  0.0   0:00   0 exim
 3426 mailnull  18   0  6604 1436  6008 S     0.0  0.0   0:00   0 exim
 3464 root      16   0  2740 1328  2344 S     0.0  0.0   0:00   0 antirelayd
11568 root      16   0 12124 3508  9532 S     0.0  0.0   0:00   1 cpsrvd
15452 root      15   0  2220 1284  1936 S     0.0  0.0   0:00   0 bash
24373 root      16   0  1816  980  1644 R     0.0  0.0   0:00   1 top
... Which brings me to the idea of possible malware/viruses/trojans being on my server.
I ran the WHM Scan for Trojans and this is what it "found":
Code:
Possible Trojan - /usr/bin/pod2man
Possible Trojan - /usr/bin/pod2usage
Possible Trojan - /usr/bin/podchecker
Possible Trojan - /usr/bin/podselect
Possible Trojan - /usr/bin/pstruct
Possible Trojan - /usr/bin/splain
Possible Trojan - /usr/bin/xsubpp
Possible Trojan - /usr/bin/animate
Possible Trojan - /usr/bin/composite
Possible Trojan - /usr/bin/conjure
Possible Trojan - /usr/bin/convert
Possible Trojan - /usr/bin/display
Possible Trojan - /usr/bin/identify
Possible Trojan - /usr/bin/import
Possible Trojan - /usr/bin/mogrify
Possible Trojan - /usr/bin/montage
Possible Trojan - /usr/bin/dbiprof
Possible Trojan - /usr/bin/curl

Are these really threats? I googled some of them and found them to be regular Linux commands/programs.

What can I do to see if my VPS has any malware on it? Before turning to my host about the slowness of my server?
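The question the post ends on, whether the flagged binaries are threats, has a concrete first check: ask the package manager whether it owns each file and whether the file on disk still matches what that package installed. Below is an added example that does exactly that; it is not code from the original post or from cPanel/WHM. It assumes an RPM-based host (the usual cPanel platform) and falls back to dpkg; the scanner lines are the ones quoted in the post, embedded here as constructed input, and the status words (`missing`, `unowned`, `owned-ok`, `owned-modified`, `no-pkg-manager`) are this script's own vocabulary.

```shell
#!/bin/sh
# Added example, not code from the original post or from cPanel/WHM.
# For each binary flagged by WHM's "Scan for Trojans": does an installed
# package own it, and does the file still match the package database?
# Assumes an RPM-based host; a dpkg fallback is included. Nothing is downloaded.

# Constructed input: the scanner lines quoted in the post above.
SCAN_OUTPUT='Possible Trojan - /usr/bin/pod2man
Possible Trojan - /usr/bin/pod2usage
Possible Trojan - /usr/bin/podchecker
Possible Trojan - /usr/bin/podselect
Possible Trojan - /usr/bin/pstruct
Possible Trojan - /usr/bin/splain
Possible Trojan - /usr/bin/xsubpp
Possible Trojan - /usr/bin/animate
Possible Trojan - /usr/bin/composite
Possible Trojan - /usr/bin/conjure
Possible Trojan - /usr/bin/convert
Possible Trojan - /usr/bin/display
Possible Trojan - /usr/bin/identify
Possible Trojan - /usr/bin/import
Possible Trojan - /usr/bin/mogrify
Possible Trojan - /usr/bin/montage
Possible Trojan - /usr/bin/dbiprof
Possible Trojan - /usr/bin/curl'

# Print the path from each "Possible Trojan - <path>" line, one per line.
extract_paths() {
    printf '%s\n' "$1" | sed -n 's/^Possible Trojan - //p'
}

# Count lines on stdin (portable, no leading padding unlike some wc builds).
count_lines() {
    n=0
    while IFS= read -r _line; do n=$((n + 1)); done
    echo "$n"
}

# Classify one path. Prints a single word:
#   missing         no such file on disk
#   no-pkg-manager  neither rpm nor dpkg is available, cannot verify
#   unowned         no installed package claims the file (source-built or foreign)
#   owned-modified  a package owns it but size/digest/mode/owner now differ
#   owned-ok        a package owns it and the file matches the package database
classify_path() {
    p=$1
    [ -e "$p" ] || { echo missing; return; }
    if command -v rpm >/dev/null 2>&1; then
        # rpm -qf exits non-zero (and prints a notice) for unowned files.
        rpm -qf "$p" >/dev/null 2>&1 || { echo unowned; return; }
        pkg=$(rpm -qf "$p" 2>/dev/null | head -n 1)
        # rpm -V prints one line per file that differs from the database,
        # e.g. "S.5....T.    /usr/bin/curl" ("5" = digest changed).
        if rpm -V "$pkg" 2>/dev/null | grep -q " $p\$"; then
            echo owned-modified
        else
            echo owned-ok
        fi
    elif command -v dpkg >/dev/null 2>&1; then
        pkg=$(dpkg -S "$p" 2>/dev/null | head -n 1 | cut -d: -f1)
        [ -n "$pkg" ] || { echo unowned; return; }
        # dpkg -V only compares the md5sums a package shipped; weaker than rpm -V.
        if dpkg -V "$pkg" 2>/dev/null | grep -q " $p\$"; then
            echo owned-modified
        else
            echo owned-ok
        fi
    else
        echo no-pkg-manager
    fi
}

# Run the classification over every flagged path; prints "status path".
triage_scan() {
    extract_paths "$1" | while IFS= read -r path; do
        printf '%s %s\n' "$(classify_path "$path")" "$path"
    done
}

triage_scan "$SCAN_OUTPUT"
```

Read the results with two caveats. `owned-modified` is the line that deserves immediate attention. `unowned` means "cannot verify from the package database", not "trojan": every path in the list belongs to Perl's pod tools, ImageMagick, DBI or curl, and anything installed from source rather than from a package (curl and ImageMagick are often rebuilt that way on managed hosts) shows up as unowned too; the next step for such a file is to compare its checksum with a copy built from upstream source or taken from a known-clean host. Separately, the `top` snapshot in the post shows about 2.8 GB of swap in use with 59 MB free and CPU0 at 99.1% iowait while every listed process sits at 0% CPU; that pattern points at memory pressure and swapping rather than a busy malicious process, and is worth raising with the host whatever the scan says.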