I have no experience with joomla but my general advice would be change all passwords associated with the site, joomla, database, especially ftp passwords. If you had a local copy of the clean joomla files on your computer you could do a file compare or look for files that shouldn't be there or with a recent modified date to identify hacked files then fix or replace them. Removing them if they're part of joomla would break functionality. But as you took the site over maybe you might not have a clean copy of the files locally. So then it might be better to do a fresh clean install of joomla and let it use the database of the old install and then delete the old install completely to make sure any hacked files are gone. No idea about sitelock but strange if you got an email out of the blue after the site is hacked, maybe they scan the web for hacked sites or the host directed them but still seems a bit questionable.

edit: also you would need to consider any theme files or legitimate joomla mods that may have been made to the site originally if you were going the clean install route.