Hi LFCmongolia,
Unfortunately, it looks your website has been turned into a command and control server where other machines that have been infected by Cryptowall try to communicate with your website and send data back and forth. When you looked for the e5.php file did you show hidden files as well? I see WordFence is showing they are trying to access non-existent pages, but do you know what the HTTP status code in the logs such as 404 or 200? If you can't find the file anywhere, then it looks like your domain is programmed with the malware into a large list of other compromised domains. One of the steps you can take after you clean and harden your site is to work with your hosting provider and ask them for advice.
You will want to start going through the standard documentation from Wordpress to harden your site and figure out how your site got tied into this. I have included some links to get you started.
References:
http://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/troj_crypwall.xxrv
http://codex.wordpress.org/FAQ_My_site_was_hacked
http://codex.wordpress.org/Hardening_WordPress