Nice website, but as you said, the "bad thing" is still there. Here are some steps to try, which you might have begun or tried already.
The problem with file-based compromises is that if you run on a shared host, it might not be your installation but a neighbor on the same box. Or another set of software you are using.
First things first: make a full backup of your database and files and put that somewhere safe. Get ready to be able to restore as a safety net.
Get fresh copies of WordPress http://wordpress.org/download/ as well as your theme http://graphpaperpress.com/2008/06/02/f8-remixed-portfolio-theme-for-wordpress/ and fresh copies of all of your plugins.
Now give this a good read
From that FAQ I find these to be really helpful
After you've put on fresh copies and de-loused your blog, harden the file and directory permissions:
Hardening the directories and files might interfere with plugin updates as well as uploads. Once your blog is clean and stays clean you can play with the file permissions to make your blog friendlier to updates and uploads.
If you make any gross mistakes you can put it back via a restore and start over again.
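
The permission-hardening step mentioned above, as an added example that is not part of the original post: a shell function that first reports anything group- or world-writable under the WordPress directory, then tightens directories and files. The 755/644 modes follow WordPress's general hardening guidance, the 600 default for `wp-config.php` is an assumption to adjust for your host, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (constructed here, not from the original post).
# Usage: harden_wp_perms /path/to/wordpress [CONFIG_MODE]
#   CONFIG_MODE is the mode for wp-config.php; 600 is an assumed default.

# Count files and directories that group or others can write to.
count_loose() {
    find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) | wc -l | tr -d ' '
}

harden_wp_perms() {
    root=$1
    config_mode=${2:-600}

    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 1; }

    # Report first, so you have a record of what was loose before the change.
    # Unexpectedly writable paths are worth a closer look during cleanup.
    echo "Group/world-writable before hardening:"
    find "$root" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) -print

    # Directories: owner may write, everyone else may only list/traverse.
    find "$root" -type d -exec chmod 755 {} +

    # Files: owner may write, everyone else read-only.
    # (find does not follow symlinks here, so linked targets are untouched.)
    find "$root" -type f -exec chmod 644 {} +

    # wp-config.php holds the database credentials, so lock it down further.
    if [ -f "$root/wp-config.php" ]; then
        chmod "$config_mode" "$root/wp-config.php"
    fi

    echo "Remaining group/world-writable entries: $(count_loose "$root")"
}
```

As the post says, these modes can block plugin updates and uploads; loosen individual directories such as the uploads folder only after the site stays clean.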