If you have phpmyadmin installed as a plugin you should remove that one.
This kind of hack does not need any compromised plugin to take effect. It COULD be a plugin that carried some hacking tools with it, but the most common hack being done these days involves a SQL injection of "bad code" and often uses a known vulnerability in phpmyadmin, which was the most popular tool for looking at your database and exporting tables.
Wordpress itself has taken down the last phpmyadmin plugin because it had so many hacks to so many sites that used that plugin.
I still have this plugin but only activate it just long enough to look at my database and then I deactivate it.
You will probably find that every day or night at about the same time the script re-infects a "cleaned" installation. If you have been hacked again you will find one time listed for all files that is later than your re-install.
One of the best things to install after you think you are really clean is BulletProof Security
which you can find in the Plugins at http://wordpress.org/extend/plugins/...roof-security/
I have WordPress 3.2 installed and it works for this latest version. The plugin will warn (if you have WP
3.2) that it is NOT compatabile, but that is a false message. This plugin is installable to the latest WordPress.
It installs some .htaccess rules to prohibit the kind of attacks that probably got you infected in the first place.
By the way, in all likelihood, you were not singled out by a real live hacker. You were hacked by a program that just looks, finds, attacks, installs, and then is automated to come back and to hack you again in the same manner.
That is why I recommend BulletProof, it is very good at stopping these hacks.