Hi again -
I took a another look at the file structure for current date stamps. For 8/13/14 I see:
wp-content/themes/classic-theme3/gallery-single-template.php
wp-content/themes/classic-theme3/gallery-template.php
I did not update the theme on that date, as no updates have been available since WP3.0 (client insisted on this theme over my objections that it was out-of-date & unsupported ...)
Also, there is no value in keeping that folder called oldsite_032313 where the backdoor script was found - shall I delete it or do you want to look around within it? I'd really like to know what the source of this hack was originally just for education purposes (mine, the client).
Thanks again,
Cynthia