The vector was within my laptop (local system) sir..
and since its not html, I think it was not generated by a php file (or maybe I am wrong?)
I would like to first fix that line, then I can go backwords and double check... (e.g. if its from a plugin, then I know plugin is at fault)..
I think finding <script type="text/javascript" src="link of malware here"> should not be difficult.. but... arrghhh