I found a similar problem on one of my own hobby sites. I don't think the problem was with a compromised PC, but with a bug in an old version of WordPress. IIRC, there was a weakness with WebDAV that provided a back door.
Anyway, the solution was both more obvious and easier to fix than this article describes. Every PHP file had a line injected at the very top. It was simply a matter of stripping this extra line from each of several hundred lines -- a little time consuming, but not a big deal.
I've seen this happen as well. Some PC malware grabs dreamweaver ftp settings and sends it to a remote IP. The remote IP will keep adding the exploit code to the index.* pages until you change the ftp password. For us it was trying to ftp in once a day. Also, ban the ip.
Anyway, the solution was both more obvious and easier to fix than this article describes. Every PHP file had a line injected at the very top. It was simply a matter of stripping this extra line from each of several hundred lines -- a little time consuming, but not a big deal.