According to the Google report the malicious software that was being called from my site was being hosted on this site: 18.104.22.168. Interestingly enough this IP has been used to host malicious software on several other sites but is not in itself listed as attempting to install said software.
Here’s the Google report for the guys site: Google Report
My site is clean now. I replaced all my files with fresh new ones deleting the old. All templates were deleted and the site was hardened and the back door closed. I’m pretty sure the person gained entry through the older version of WordPress that I was neglecting to upgrade. Well, a lesson learned there I say.