Thought: You're mostly concentrating on removing the concequenses of the hack, you're not really looking for the origin of it. You might get lucky and find some trojan, but that trojan had to come from somewhere. I would go as MSMittens suggested and install an IDS to track intrusion attempts on your network.