First, check the access logs of your sites to prove to yourself that you're not getting reinfected through the same attack vector that got you infected. If you don't see requests coming in every ten seconds, that should be enough for now.
You said there are no suspicious cronjobs. How did you check this? Are you sure that cronjobs all show up on the control panel you mentioned, even if they weren't created through the control panel?
If there really aren't any cron jobs, the next likely cause of reinfection is a malicious process that is still running on the server and keeps sleeping for ten seconds, then checking for the existence of the files and recreating them if they're not there any more.
If thats whats happening, then its also likely that you still have a copy of the malicious files on the server somewhere (either that, or they're being downloaded from a remote source). Don't forget to check the /tmp directory for hidden subdirectories. /tmp is a likely place for malware to reside on because its usually world writeable.
Some malware uses a neat trick on unix systems to hide their files: the running process opens the files and then unlinks them, which makes them invisible to command such as ls and find, but because they're open, they're still there (until the process that keeps them open terminates). The good thing is that since they're open, they will show up under /proc.
You need to find this process and kill it. I don't know anything about GoDaddy, do you have shell access? If so, you can use the ps command to list active processes running under your user name.
However, this is all pointless unless you find the infection vector. Check your access logs for very long URLs containing random looking strings first. This is fairly easy if you know how to use grep and regular expressions. If you find something that looks suspicious, google the URL; this might provide you with a description of the security hole that made the initial breach possible and thats what you need to know in order to secure your system.