Forum Replies Created
It sounds like whatever security hole allowed this hacker to exploit your site is still there. If you have run a Complete Scan on your entire site but the same threats keep coming back then the root of the problem might not be inside this site at all.
Is this site hosted on a shared server with other sites? It is possible that one of the other sites on this server is infected and that infection is spreading onto your site.
It seems to be working fine now. I can see that both plugins have the protection installed on your login page now and there is no conflict. Your server’s sessions are working normally now and you should not get blocked when you try to login. I’m not sure what caused the problem you originally had but it looks like it’s working fine now.
Please let me know if you have any more problems with it.
No, I am not asking to see any scan log because the details I want to see are not saved. The full details of a scan are only presented in real time at the end of the scan.
If you have already downloaded the latest definition updates then please run the Complete Scan again and show me what it finds.
It looks like you have disabled my plugin so I cannot test it on your site. The error you got was a “No Session” error, which means that your server was not maintaining a persistent session throughout your login attempts. I can’t tell you why your sessions are not working without access to your site but I can see that you are also using All-in-One WordPress Security; maybe there was a conflict with that plugin’s login page additions. I will test that plugin on my site. Which of the two plugins did you install first? And what was the last change you made to your security or server settings before you started having this problem?
Yes, I see that those links are redirecting to a drug sales website. Have you downloaded the latest definition updates for my plugin and run another Complete Scan?
Can you send me the results of your last Complete Scan via email?
This is a different kind of threat; maybe it was there from the first hack. Can you fix it with my plugin and then check the infection dates in the Quarantine to see if they are the same as the last infection or if they are newer?
My plugin has always been capable of scanning the site’s root directory, so if you have other sites installed within that directory it may be able to scan them all. You can change the directory level where the scan starts on the Scan Settings page or add all those other site directories to the list of folders to exclude from the scan if you want to.
Yes, I would “network activate” the plugin so that it can be run from any of the sites; however, you should know that only a Network Admin can run the scans.
Because the files are shared by all the sites on a multisite install, this means that fixing one site will fix them all.
Thanks again for sending me the whole code in this file. I fixed the definition for that threat so now the whole script will be removed, which should fix the problem of the site going down. Please download the new definition update and try it again to make sure it works for you.
Let me know if you have any more problems.
Thanks for posting that code for me. This is a new variation on an old threat. I have added the new variant to my definition updates so that it too can now be automatically fixed using my plugin.
Thanks for helping to keep this project on the cutting edge.
These URLs are currently returning 404 errors (which is good). This means that you have already removed the threat that was producing those pages. It looks like Google indexed those pages on the 12th and cached the spam content that was displayed at that time. Now you just have to wait for Google to re-index your site and clear out the cache for those pages. It may take some time but you can upload a current XML sitemap to Google Webmaster Tools and sometimes Request a Review to speed up the process of re-indexing those pages.
If you look carefully at the results you are seeing you should note that the actual threat is now gone. There are no more infected URLs on your site and Sucuri is now confirming this. What they are still saying, and this is what you are focusing on, is that your site is still BLACKLISTED (not infected)
You still need to request a review in your Google Webmaster Tools account to get your site off Google’s blacklist. Then Sucuri will show that it’s all good.
Oh, hold on, I just re-scanned that second site on Sucuri’s SiteCheck and it is clean too. It said that the results were 48 hours old so I guess you didn’t do the re-scan on that site.
You still need to request a review in your Google Webmaster Tools account to get that site off the blacklist.
Can you send me a login to that site so I can find that last threat and add it to my definition updates? You can reply to my email address directly with the login details.
This is caused by a JavaScript error on your login page. Check the Error Console in your browser and you will see that my plugin’s dynamic JavaScript (/wp-admin/admin-ajax.php?action=GOTMLS_logintime&GOTMLS_sess=…) is being blocked by your server “Failed to load resource: the server responded with a status of 403 (Forbidden)”.
I see that you are using at least one other type of login protection, perhaps one of the other security plugins you have installed is blocking my script from loading on your login page.