Thx, it was 3.8 and it happened again...
These are the steps I took to try to fix the prob...
1) Dropped all unused tables from database (you get these from trying plugins), including the table that this hack installed (scary!). Be careful doing this!
2) Checked all media files to make sure there were no executable files in the media folders.
3) Went through the site's plugins in the plugin folder and checked that there were no files out of date sync with other files (plugins typically overwrite everything on update so file dates for a plugin should be exactly the same)
4) searched the theme in use for eval and base64 backwards and forwards...also searched for string reverse (strrev). Deleted themes twentyten, twentyeleven, and twentytwelve.
5) Downloaded a fresh copy of WordPress, unzipped it, and copied wp-content from the current install into the fresh install. Uploaded it into a new directory and got the domain working right with these instructions http://codex.wordpress.org/Giving_WordPress_Its_Own_Directory
If I didn't get I will be back to this post!!!!