I saw no evidence of infection coming from database content. SQL injection would be a completely different type of attack and I'm very confident that there is no vulnerability for sql injection in mojoPortal code.
Your site was infected by a file system attack that modified files in your web site. Since the infection date is within range of the log files that you sent and since those log files contain no evidence of file uploads I would conclude that the files were infected by an attack on a different web site and that file system permissions allowed that attack to modify files in your web site. This means your host is using the same user on your application pool as on other sites or using the same application pool for other sites. Unless that is corrected the problem could come back. The only other explanation is if a real person with direct server access purposely infected your site, ie an employee at the host, but the first scenario of bad security configuration seems more likely. I don't want to accuse your host of poor configuration but this is what the evidence leads me to believe.
It would be best if your host can provide a unique user and a unique application pool for your site and remove all file system permission from your site folders and files for any other users except those needed to run and manage your site and not use the same app pool or user for other sites.
I agree that other files besides js files could have been infected though I did not see any evidence of it. It would be best to upgrade but I would want to make sure the permissions are fixed first so that you can be sure the problem won't happen again. The host may not want to admit to any problem with their configuration and if they deny any possibility of the configuration being insecure I would be very skeptical.
You could also look around the file system for any other files with the same modification date and that would make me suspect that other files have also been compromised.
Actually that modified date 2012-07-09 is today which makes me think the infecting code is still active on the server and may still be infecting files and may re-infect them if you fix them. If I were your host I would be looking into that and looking for files (especially js files) in all customer sites that have recent updates to js files. So again before uploading new files I would want to be sure the underlying problem is fixed, something on that server has been compromised and is infecting sites on the server, it does not appear that your site was specifically attacked or that there is any mojoPortal vulnerability, but something on the server is infecting all the js files it has permission to infect. I think it is very very likely that other sites on the server are infected and one of those sites was the initial site that was compromised but poor file system security has allowed it to spread.
Hope your host can resolve the problem. Let me know if I can be of further help.