It's possible that any changes made to the OS would have resulted in a different md5 sums for the binaries, which can *sometimes* confuse WHM into thinking the file changes are trojans... given that there are 687 files found, that would be the likely scenario.
If you want a second opinion, you should contact a server management company to do a security audit of your server just to confirm that it is the md5 mismatches causing the false positives with the trojan scanner.
I just ran a scan for trojan horses in WHM and it came up with "687 POSSIBLE Trojans". WTH? Are these real trojan horses? If so, how do I remove them?
The trojan scanner that WHM uses is notorious for being -very- inaccurate with the results - the best way to find trojans is to either do it by hand using logs and traces or to hire a server administrator to do it for you.