OK, I think I found what it is. I did a quick google search for "pid=p1011105" and seems other websites got infected with exactly the same thing. Which lead me to this:
Apache Binary Backdoors on Cpanel-based servers | Sucuri Blog
Working with my host to fix this now...