Thanks for that, it really speeds up the scan and I think there could have been other hacked files in that backup folder too.
I have added the htaccess hack to my Definition Updates so that it can be automatically fixed without you having to delete it and manually recreate it if it gets hacked again. I sill have not found the root cause of this hack or any specific vulnerability that could be letting the hacker reinfect your site. I will keep looking but it would be most helpful if a can look at the hacked files right after they are infected and before they are fixed or modified, so that I can get an accurate timestamp of when they were changed. Then we can search the raw access log file to see it there is any evidence of how they were changed.
Those two theme files you mentioned look fine:
wp-content/themes/classic-theme3/gallery-single-template.php
wp-content/themes/classic-theme3/gallery-template.php
I'm not sure why they were updated but it would seem they were modified responsibly (possibly an update/upgrade).
There is also a folder called newsite_b4_port that may have a whole other installation of WordPress in it. This could have it's own vulnerabilities, do you know if it serves a purpose or if it can be removed as well?
Aloha, Eli