Thank you for getting back to me Blade.
I spent 24 hours following all the tips in the guide and still I was unable to locate all the malicious files which were so deeply obfuscated that none of the free website scanners could find them.
In the end I gave in and paid the subscription to Sucuri. My site was escalated immediately but they eventually managed to clean everything up and secure the site.
Interestingly it appears that the malicious code was injected into the wp-includes/.../tinymce subdirectories but also into the wysija directory, in one of the css files.
On a different website the backdoor to creating hundreds of spam pages was kindly provided by the plugin SEO Adviser.
Lessons learned:
1. run a site search on Google on a regular basis.
2. being stubborn is a gift that helps me get ahead in life but in this instance it caused me to spend days trying to find something that I wasn't equipped to find. Call in the experts and let them do their thing.
Thanks again for your help, it's great to know that there are people on here willing to give up some of their time to assist people like me when we come a cropper with Wordpress. :-)
All the best,
Cristina