Here's what I did last night.
1. My Macbook had the bad 404 page cached. I looked at it & it had an iframe that referred to http://www.dsnextgen.com/. This wasn't ever in my theme.
2. I erased all of the WPMU php, css, js, images, and other files in the /worship (Where WPMU is installed), /worship/wp-includes and /worship/wp-admin folders. I used my FTP tool to delete these files. While I was at it, I deleted all of the files for my theme, which the Antivirus plugin thought were suspicious.
Next, I had WPMU 3.0.1 installed on the macbook, so I uploaded it to the host. Next, I went through the automated download & install of WP 3.0.1. Finally, I uploaded my theme back into its folder.
I then ran the Antivirus scan of my theme. It gave all but one file a clean bill of health. 10 or 20 minutes after that, I scanned the theme files again and it marked just about every file in the theme as suspicious.
As I didn't touch any of the plug-ins, I think that one of them is infected with something & it's screwing with my theme. So I'm going to redo everything I did last night, and blow away & reinstall the plugins. But I'm going to do the plugins one at a time. And I'm only going to install the ones that my site is actually using.
Oh, about the bbPress install. I didn't do anything with it, though I think that is working OK. Still, it's attracting spammers and no one at my church is using it. So I'm going to deinstall it entirely. I'll have to delete some pages from the wordpress side, but that's no biggie.
Does anyone have any other ideas?