The malicious code is present within the page even when javascript is disabled – this tells us it isn’t being written there by a document.write within other js files.

When we visit the site with the tmpl=component&no_html=1 settings which suppress template output and send only the component’s output the code is still present:
http://ziggymonster.com/?tmpl=component&no_html=1

This would point quite strongly to the code having being appended at the end of the main Joomla index.php file in the root of your website. Alternatively the component.php file in your template’s own folder or in the /templates/system/ folder may be viable candidates.

Cleansing a site in situ is risky – but can be done with the right knowledge, some experience and the right tools. I’d advise finding an experienced Joomla security expert to do so, or face re-building the site’s files: install a fresh Joomla in a totally clean folder (localhost server would be best), install all of your extensions, then remove your live site, and upload the files to your web space tying the files to the original database.

Of course reverting to a backup from a few days ago would be the best option – you do have backups yes?

You should examine log files for an idea of how the attack was perpetrated. You should also change all passwords, upgrade Joomla and all add-ons – and consider changing web hosts if it looks like another account on the server provided access to allow the hackers in.

Good luck.