Yeah, well, I guess what happened is the exploit was actually transferred over to the new server since it was in the database backup. However, after the DNS synced in and I visited the forums for the first time with the domain pointing to the new IP address; NOD32 barked at me with a few malicious warnings.

Have the error actually in front of me helped me get the appropriate info to do a fulltext search on it in the database. I guess my AV only warns you once and then tucks the warning away? Oh well, doesn't make much since, but none-the-less it is fixed

Apparently many other FF and WoW related sites have the exact same exploit... makes me wonder if it is the content relevant ads that injected the code.

Well at least we all updated PHP, mySQL, and vBulletin packages now, so we are definitely back up to speed. thanks again for your help!