Hi,
Please see: https://codex.wordpress.org/FAQ_My_site_was_hacked
**
Sucuri is a good site to check for problems:
https://sitecheck.sucuri.net/results/heartcenter333.com
Interesting it showed lots of problems in the cached test it had for your site, but when I did a rescan of your live website it seemed to find no/less issues – so it is possible that you may have successfully cleaned up the problem – though it is extremely hard to be sure of this. Once a website is hacked, they can install backdoors, or can re-hack you again using the same method potentially…
Make sure WordPress and all plugins are up to date, and change all your hosting/FTP/WordPress passwords. Make sure your themes are up to date, and any bundled plugins inside the theme are safe/up to date.
Other good news, is that the only site that is showing you as blacklisted when I check with Sucuri is McAfee – it could be a lot worse, eg Google!
http://www.siteadvisor.com/sites/heartcenter333.com <– click request a review.
> need to know where else I need to look
I often find problems are either in functions.php (in theme files), header.php, footer.php, .htaccess, javascript files…