I think I found the log files but of course I don't know what I'm looking for.

I looked at the index.php file and see a bunch of gobbledygook at the end. Is that what you are referring to? Is it safe to assume that any site where I find such code is compromised?

Is the DB itself compromised? How do I know?

aaack...

aaack is right.

Sometimes you can get away with deleting that code from the offending files after getting rid of hack code in htaccess and perhaps fixing the timthumb vulnerability for one (there is a plugin for that issue).

For one site I made a list of all the plugins I had installed, deleted all the plugins, manually reinstalled WordPress, changed passwords etc. etc.

There is no "one way" to fix this. Sucuri and others offer that as a service by I don't have any direct experience with them so can't recommend or not recommend them.

I wish I had a better answer for you.

since I didn't see that code in htaccess, does that mean it got in another way?

Step 1 - CHANGE ALL PASSWORDS
then you can move forward

THAT I'm already working on!

What about the DB itself? Is it possible that there is hack code somewhere in the DB? If so, how would I find it? What would it look like?

Yes it is possible the database is corrupt. I believe some of the links I gave you give some ideas of what to look for