You may want to check your templates and database. There are a variety of link injection schemes. One puts an innocuous looking call to a php file in the footer. Another modifies the database. I had a similar experience, and modifying the footer and updating WP cleared up the issue, although Google kept some of the cached spam around for months. Rankings/traffic recovered somewhat, though not to the pre-hack level.