I would not suggest removing anything manually unless you know what it does. My plugin only removes code that I have defined as a "Known Threat". The "Potential Threats" are a good place to start looking if my plugin cannot find anything to remove.
Every infection is different and the malicious code keeps evalving and changing so there is no "one right way" to deal with it.
The best way I can help you is if you are willing to let me into your WP Admin. Then I can see what is coming up in the scans, run some custom scans, remove what needs to be removed, and even update my definitions of Known Threats so that they can be removed automatically.
If you would like my help in this way you can send your admin credentials to: registrations at gotmls dot net