First Step: Change all of your passwords.
Second Step Site Cleanup: You will first need to make sure your website does not contain any hacker files or code. Either restore your website from a good backup that does contain any hackers code or files or make a backup of your database and all files and save it to your computer and re-install everything again and then restore ONLY your content to your WP DB and ONLY upload files like /uploads images back into your website.
BPS and BPS Pro are designed to keep hackers out, but if they are already have their files uploaded to your website then they are already passed the BPS and BPS Pro defenses. Don't be fooled by claims that a scanning plugin can automatically clean up your site for you. This is just not possible. The reason for this is scanners must be told what to look for and will find the injected files because the malware signature is a known parameter, but the origin file that is injecting the code will probably not be detectable because it will be using standard php functions and will appear to be a legitimate file.
I am not going to do a sales pitch here and instead am just going to advise you to do some research on BPS Pro. Look around and see what other folks are saying and I think your decision will then be a no-brainer. ;)