Shouldn't be a hefty price; what's GoDaddy saying they are going to do (can you link the page/plan you subscribed to)? GoDaddy has become the "Jack of All Trades, Master of None" one stop big shop; fleecing the non-tech-savvy is their angle these days.
I'd duplicate the site to a subfolder and do the same with the database, do all your testing/tweaks to a copy of the site first. If you think you might break something, test on a copy rather than the live site. I'm curious when you say malware, you mean people posts linking to malware downloads, right?
I'm not trying to sell myself in, but I'd be happy to help you. I won't charge anything; I've gotten a lot out of the forum over the last two years. I've been a site/server admin for the last two decades, I'm sure I can harden things up. You can't stop someone determined to jump through all the hoops of registration/activation/capatcha just to post spam, but you can make it so difficult most give up.