Thanks for sending me you login info. I just ran a Quick Scan on your themes and it found the malicious ‘b_goes’ function used to handle output buffers. This code was added to the functions.php file in all 7 of your themes. I applied the Automatic Fix which successfully removed the malicious code from all 7 infected files and now this site is clean.
This type of infection usually gets in from a vulnerability on another site on the same shared hosting server. Most shared hosting plans have no cross contamination security at all such that a single site’s weakness can be exploited by hackers to infect other sites on your account and sometimes even other accounts on the same server.
I am running a Complete Scan now on all the sites in the html directory. There are a lot of sites in this account so it looks like it will take about an hour to Scan them all but it has already found and fixed infected files on another site. I will follow-up with you directly via email when the scan is complete.