Thanks for sending me the login info. I was able to remove the remaining threats from the wp-config.php file. It turns out there were three different sets of malicious injections at the top of that file. I updated the definitions so that my plugin could remove each of them without breaking the syntax of the file.
Please let me know if there is anything else I can do.