This process is a lot more work than is needed.
I'm reworking a document on this but essentially to clean sites we use the PHP Malware Scanner
to scan sites to find malicious files/shells and backdoors. Once you find the naughty files, you remove them.
You can essentially remove the entire core and the Manager directories (if you don't use custom lexicon files). You must keep /core/components/ /core/packages/ and /core/config/config.inc.php. You'll also need to keep your config.core.php files. In /core/packages you can also delete the directories and leave the transport packages. Once those dirs are removed you should be able to fetch a clean install of MODX and use rsync to replace missing/altered files. You can then run setup in upgrade mode.
With regard to the DB, I've not seen any SQL injections with the recent hack. I have only seen SQL injections of users and bad plugins/snippets in the hack of sites on 2.2.15 and below.