#15
09-08-2015, 11:37 PM
TheLastSuperman
Senior Member

Join Date: Sep 2008
Location: North Carolina
Posts: 5,844

Ok so the folders and files were restored from your backup... was this a complete backup meaning - Did it contain the folders, files, AND all databases?

- If you restored the folders and files only, then the hacker apparently altered your database.
-- The reason we would speculate this to be the cause is; You stated you completely wiped the root directory, therefore uploading 100% fresh files did not fix this, per your screenshot, so one would be safe to assume (despite the saying regarding that lol) that they altered your actual database. I myself have seen sites where they altered all files and also inserted their webtemplate w/ all the hacker info and silly rubbish into all templates in the style, every single template, so more than you think is going on here could quite possibly be going on; you never know until you really dig into it.
**Be careful wiping all files, most owners store their attachments in the actual filesystem and by simply deleting all "possibly" infected files you would in turn be deleting all attachments - ACK! So always check settings first before blindly deleting folders and files. I would have moved all the contents of the forums root into a new folder, CHMOD it 000 to prevent anything from running; that way, if attachments were stored that way, you could check and clean them later if need be, then simply CHMOD back to correct permissions and restore the files to the correct location.

- If you restored a complete backup including all folders, files, and databases then something else must be "up" or wrong. They may or may not have uploaded a shell script or similar such as c99 madshell or a variant and went about modifying what they could and wanted to regarding the actual server.
-- Yes, a hacker can gain access to one site on a shared server and from there gain access to others, it's not the hardest thing to do and happens all the time when people do not keep software up-to-date in regards to security and exploits. If your site is a VPS/Dedicated they can still modify the server to a certain degree if they have a shell script in place, of course depending on the sophistication of the script being used.

Check on vBulletin.com for posts and blog posts by myself and Zachery - we have useful info and queries to run that help you look for such things. Edit: Two links I included in my next post following this one.
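
The quarantine step described in the post above (move the forum root's contents into a new folder, CHMOD it 000, restore later), sketched as an added example that is not part of the original post. The function names and paths are hypothetical, and the quarantine directory is assumed to be a new directory outside the forum root.

```shell
#!/bin/sh
# Added example; all paths and function names are hypothetical.

# Move every entry of the forum root (dotfiles such as .htaccess included)
# into a new quarantine directory, then lock that directory with mode 000.
# Assumption: the quarantine directory does not exist yet and is not
# located inside the forum root.
quarantine_forum_root() {
    q_root=$1; q_dir=$2
    if [ ! -d "$q_root" ]; then echo "no forum root: $q_root" >&2; return 1; fi
    if [ -e "$q_dir" ]; then echo "refusing to reuse: $q_dir" >&2; return 1; fi
    mkdir -m 700 -- "$q_dir" || return 1
    for q_entry in "$q_root"/* "$q_root"/.[!.]* "$q_root"/..?*; do
        # Unmatched globs stay literal; skip them but keep broken symlinks.
        if [ ! -e "$q_entry" ] && [ ! -L "$q_entry" ]; then continue; fi
        mv -- "$q_entry" "$q_dir"/ || return 1
    done
    chmod 000 -- "$q_dir"
}

# After review, move named entries (for example the attachment directory)
# back into the forum root and re-lock whatever remains in quarantine.
restore_from_quarantine() {
    r_dir=$1; r_root=$2; shift 2
    chmod 700 -- "$r_dir" || return 1
    r_status=0
    for r_rel in "$@"; do
        case $r_rel in
            # Reject absolute paths and any ".." component.
            /*|..|../*|*/..|*/../*)
                echo "bad path: $r_rel" >&2; r_status=1; continue ;;
        esac
        mkdir -p -- "$r_root/$(dirname -- "$r_rel")" &&
            mv -- "$r_dir/$r_rel" "$r_root/$r_rel" || r_status=1
    done
    chmod 000 -- "$r_dir" || return 1
    return "$r_status"
}
```

Mode 000 keeps the web server's user from reading or executing anything in the quarantine directory, but it does not restrict root.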