I don't mean to **** on your bonfire guys, but there is still malware in every single JavaScript file except cannedreplies - so it looks like you cleared that one up.

It's trivially easy to see, it's the obsufacted code that's been inserted at the end.

The site is still riddled and your statement above is misguided at best and malicious at worst.

I'd sack your consultants if I were you.