wilderness - 4:42 pm on Jan 15, 2013 (gmt 0)
I got rid of the PHP files that they added which had the code that would rewrite the .Htaccess.
You still need to locate the vulnerability that allowed the hacker to add the files in the first place.
I'm not sure a default htaccess exists, at least and unless your not attempting to accomplish something specific.
You might begin with a domain canoncalization to prevent duplicate content.
There's a very long active thread, however this portion is regarding the canoncal [webmasterworld.com]
You certainly need to review your logs further and determine the IP and UA that the hacker used to enter your site, and then add denials for both to your NEWLY created htaccess.