User control in OJS 3.4 post hack cleanup (3.4.03-3)

We were hacked about two weeks ago. As part of the cleanup I went through all the journals and disabled all users except my own (none of our registered users use the system on a regular basis, so it does not matter).

But today I was looking through the database and notices about 10 users registered around, or after, the date we were hacked. Two of them apparently logged in this morning. Only one of our journals, one which has not yet published any articles, had user registration turned on (off now). These users have now been set to disabled, but I can’t find any trace of them in the OJS dashboard. They are not registered with any of the journals. How can I remove all trace of them if I can’t even see them? Do I just delete the corresponding lines in the database?

Hope this message does not drown in the spam that has appeared in the forum…