While waiting for wordpress guys to fix this I did what I could, and this is what I figured out:
This hack backdoors a random plugin (any of whichever plugins you have activated). You can switch your plugins off one by one, and test to see if the hack is still active. When you hit the right plugin, the site should be back to normal and the hack gone (for now). You are still vulnerable and it's very likely that they will hack you again. But for the time being you are OK. Just replace that plugin with a fresh copy and you can use it again.
If you can't be bothered by looking for the right plugin, just overwrite your entire plugin folder with a saved plugin-folder containing all OK plugins.
I can't wait to hear where wordpress went wrong to allow this to happen.
I emailed the anyresults.net hosting company and domain registrar. The guy should soon have to start all over with a new domain. While we wait for the wordpress guys to fix this, you can call/email/fax the guys ISP and domain registrar, reporting this.
From what I figured out, his ISP is ISPrime (isprime.com) and his domain registrar is publicdomainregistry.com