Nice website but as you said, the "bad thing" is still there. Here's some steps to try, which you might have begun or tried already.
The problem with file based compromises is that if you run on a shared host, it might not be your installation but a neighbor on the same box. Or another set of software you are using.
First things first: make a full backup of your database and files and put that somewhere safe. Get ready to be able to restore as a safety net.
http://codex.wordpress.org/Backing_Up_Your_Database
http://codex.wordpress.org/WordPress_Backups
http://codex.wordpress.org/Restoring_Your_Database_From_Backup
Get fresh copies of WordPress http://wordpress.org/download/ as well as your theme http://graphpaperpress.com/2008/06/02/f8-remixed-portfolio-theme-for-wordpress/ and fresh copies of all of your plugins.
Now give this a good read
http://codex.wordpress.org/FAQ_My_site_was_hacked
From that FAQ I find these to be really helpful
http://ocaoimh.ie/did-your-wordpress-site-get-hacked/
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
After you've put on fresh copies and de-loused your blog, harden the file and directory permissions:
http://codex.wordpress.org/Hardening_WordPress#File_permissions
Hardening the directories and files might interfere with plugin updates as well as uploads. Once your blog is clean and stays clean you can play with the file permissions to make your blog friendlier to updates and uploads.
If you make any gross mistakes you can put it back via a restore and start over again.
Good luck.
fraguada
