Just some ideas if I was in your shoes:
1. SQL is the target, so I would check SQL Logs for user access - making sure no users you do not know about are accessing it
2. Check the IIS logs for Source and destination URLs - you may want to ban some user IPs if you see they are all from China for example - won't stop spoofing, but its a start
- investigate strange URLs that are being accessed and returned to the user as valid
- investigate the modules at those URLs' pages
3. Check your DNN users, making sure someone hasn't created an account they are using to access SQL through the interface.

These are probably all common sense, but just my 2 cents on where I might start.

Hello Mike

All it takes is to restore the Database. No file System restore (luckily since I'm not sure I have a viable backup of that).

I'm basically seeing entries in the DB are messed with. When the modules load they mess up stuff by adding special characters like ' and " and confusing the proper module functions by passing strings where modules expect integers or boolean.

I did not see any changed content inside my HTML modules as yet but they simply don't appear on the page.

Leupold, I'm still on DNN 6.2.9 because of minimum SQL Server requirements my provider could not meet in order to upgrade to DNN 7.

Upgrade would be possible now but I'm not particularly keen on investing more money on a platform that is driving me nuts because of third party modules I would be forced to purchase upgrades for once I upgrade my DNN core - with no guarantee of solving the problem.

I tried to look at the IIS logs but there is a bunch of websites hosted on the server and I'm not terribly proficient at looking through IIS logs - not really sure what I'm supposed to look for in all that mess.

Is there a freeware software I can use to sort/search the logs for specific entries? Opening the stuff with notepad is a bit confusing. I'm using Excel but it would help if I knew what to look for and if I had a little more filtering.

As for the SQL logs you mean the log files you can find in SQL management studio under Managemen -> Logs or you mean some other log?

If you mean these logs I can't find anything significant apart from the list of all the restores I have performed in the last month or so.

I can't seem to find the user activity. If I filter activities specifying a user I get no records back.

One positive news is that since I removed almost any and all modules having some sort of form and or all links allowing user registrations on my websites the problems seemed to have stopped. 

The downside is I'm back to "good old" unresponsive static showcase sites and HTML 1 in one simple step. :/

Thanks