Well, the hacker got back in and left his fingerprint on the site. Whee. So I dumped the site and reinstalled, restored and reconfigured. I took the opportunity to replace some of the Facebook integration tools and remove some underutilized plugins. Time will tell if the site stays clean or not.