Since you have no root access yourself I consider this compromise only restricted to your own account. Otherwise the owner of the server would probably have taken care of the issue already.
The best way is probably to nuke the site and set it up again, but only after checking how the attacker came in and make sure it is no longer possible.
The best way to check where exactly your server is compromised is to compare all data with a known good version. I don't know about your setup but it is common to make the site development on a local system and then mirror the data to the remote system. Thus it should be possible to compare these both versions or to simply restore the site from your local copy. Not that you need to check also if files exist remotely which don't exist locally.
If instead you have done all the changes on the production system and do not have local copies then I'm very sorry for you since this effectively means that you have to look at all the files and see if they differ from what you remember. File modification times might be an indicator of a change but are not reliable since they can easily be set to other times (also older) without needing special privileges.
Additionally there might be changes to the database. If you web application dynamically creates HTML based on fragments in the database then you have to go through all records an look for anomalies.
If you have access to the log files of the server these are also a good source when looking for abnormal behavior, but it is up to you to know how your site works and what would then be considered abnormal.
And finally your site might be vulnerable by remote file inclusion attacks (RFI). In this case you will not find much traces on your local system, because the files used in the attack might reside on a remote system. Thus make sure your web application is secure. You should do this anyway because otherwise chances are high that you get compromised again fast.
Note that simply searching for known malware is not enough because even small modifications on existing malware will leave the malware working but you will not find it any more.