Is there a CMS theme hack on this site or just packed code?

See; http://app.webinspector.com/public/reports/19023090

On the CMS theme hack method: http://userscripts.org/topics/118442

https://www.google.com/safebrowsing/diagnostic?site=http%3A%2F%2Fwww.bestcare-homehealth.com%2Fwp-content%2Fthemes%2Fhcare%2Fjs%2Fjquer&hl=en

See: htxp://www.bestcare-homehealth.com/wp-content/themes/hcare/js/jquer
Severity: Potentially Suspicious
Reason: Detected potentially suspicious content.
Details: Detected potentially suspicious initialization of function pointer to JavaScript method eval __tmpvar1691069864 = eval;
Threat dump: http://jsunpack.jeek.org/?report=5a16ecf33a1929e9e178eb736cd3f31ced68e8b9
File size[byte]: 32235
File type: ASCII
MD5: 52F066C2EF564209C2E4085EA7BA673F
Scan duration[sec]: 0.177000

pol

Here it was being used maliciously: http://urlquery.net/report.php?id=5962400
GET /wp-content/themes/mio/js/jquery.carouFredSel-5.6.4-packed.js?ver=5.6.4 HTTP/1.1
Host: wXw.nhatdigital.com blacklisted scam site → http://www.urlvoid.com/scan/nhatdigital.com/
flagged by Bitdefender’s TrfficLight as malicious,

pol