I believe the attacker got your private keys few days after you put your computer back online. He was probably monitoring your address, waiting for you to put more money there.
OP wiped his computer, that should be enough to remove all traces of private keys. I still prefer a Linux LIVE DVD though, running from memory to ensure nothing ever ends up on a hard drive.