I changed all my passwords last month, and I am not sure how they got in, changed my password again. I went on my site on Fri and it was blank, seems someone cleared my index.php file, I also noticed a new plugin was installed which is used to update and edit ftp files, dont remember the name, but deleted it. I restored the index.php file and got my site back up, however, today I got the email from Google of a phishing attack.
Here is a list of recent files that I noticed were changed or deleted in the last week.
Yesterday I came across a great WordPress Security plugin called WordFence ( http://wordpress.org/extend/plugins/wordfence/ ). It helps to clean up a hacked site. Install it and make a scan. It compares the files in your site with the wordpress ones and replaces it with fresh files if it finds any changes in your site.
Sorry mate. I’m on mobile now. So, couldn’t help anymore FTTB.. Can look into this issue tomorrow though..