CMS issues and malware on website...

See: https://www.virustotal.com/en/url/a51f25b9d26d671c31c1d74548c27178d2a904e467329c77b5689f1f3d303d62/analysis/1454707459/
Missed detection: http://quttera.com/detailed_report/apphdl.com

CMS issues: Web application details:
Application: WordPress - http://www.wordpress.org

Web application version:
WordPress version: WordPress
Wordpress version from source: 4.2.5
Wordpress Version 4.1 based on: -http://www.apphdl.com//wp-includes/js/autosave.js
WordPress directory: -http://www.apphdl.com/wp-content
WordPress theme: -http://www.apphdl.com/wp-content/themes/Apphdl/
Wordpress internal path: D:\www6\suizong\sites\apphdl\wordpress\wp-content\themes\Apphdl\index.php
WordPress Version
4.2.5
Version does not appear to be latest 4.4.2 - update now.

Checking for cloaking
There is a difference of 5 bytes between the version of the page you serve to Chrome and the version you serve to GoogleBot. This probably means some code is running on your site that’s trying to hide from browsers but make Google think there’s something else on the page

</script></body></html>PHP Notice:  Undefined index: d674f in D:\www6\suizong\sites\apphdl\wordpress\wp-blog-header.php on line 1
</script></body></PHP Notice:  Undefined index: d674f in D:\www6\suizong\sites\apphdl\wordpress\wp-blog-header.php on line 1

Page blocked by both uBlock and MBAM as malcious.

Two warnings: https://asafaweb.com/Scan?Url=www.apphdl.com

Site error detected. Details: web.php.notice.undefined-index
Notice: Undefined index: d674f in D:\wXw6\suizong\sites\apphdl\wordpress\wp-blog-header.php on line 1
Consider: https://anubis.iseclab.org/?action=result&format=html&task_id=1887cd74632c014046d84ac3b3ed959b0

polonus (volunteer website security analyst and website error-hunter)