There isn't such a thing as Core Sevices in Evo - simply delete it
Your best bet is to delete everything on the server - sounds radical, but it ensures everything that was modified by the hacker is removed.
Now backup your database and then clean it as good as you can, start by using the following queries:
SELECT * FROM modx_site_plugins WHERE plugincode LIKE '%base64%'
SELECT * FROM modx_site_plugins WHERE plugincode LIKE '%(128/2)%'
Change "modx_" to your table prefix if different.
Once you have cleaned the database, upload
the new version of Evo and install it as normal, in update mode
Then, once it's working, add your images, files, CSS etc. back into the newly created site - after checking them of course.