OK. Was able to get in. One more question, please.
I have checked and double-checked these wordpress sites on this server I had the problem on. I have used several external scanners like Sucuri and I have Wordfence scanned them. During my repair, I FTP'd the newest Wordpress 4.0 zip contents to every wordpress install to make sure the core files were original.
In trying to be thorough, I have been looking at files and locations exploits use. I noticed something which might explain some issues I've had with file comparisons. But, I didn't notice the pattern until this morning. I don't know if it's a program glitch or an exploit of some kind.
I noticed that the original wordpress file /includes/wp-db.php and the same file in the suspected hacked site folders on my computer are 2k difference in size. I checked the FTP server location against the original Wordpress file and the files are the same size. If I download the wp-db.php file again, it also changes to 2k difference in size.
In comparing the files, any file I download from the FTP server compares identical via "text" or "ascii" compare. They show the same way in my text editor, too. But, CRC or Binary compare show them as different. In HEX compare view, there is an extra 0D or . character as the first character on every line.
If I upload the original wordpress file and immediately download it back to my computer, this change happens. Any ideas?