wordpress hacked – cannot find how hacked pages still appear

Hi guys,

This is a last resort post as I’ve tried all sorts to get rid of my hacked wordpress.
The first I knew about it was when google had blocked my site saying it had malicious downloads in there. Turns out there’s a link farm in the footer.

So, what I’ve done recently was to install the Arras theme and a twitter plugin.
What I’ve done to try and remove it:

– removed & deleted the Arras theme
– removed & deleted the twitter plugin
– disabled ALL plugins to see if that was the issue
– ensured ALL plugins and wordpress are the most recent versions
– scanned through server logs (couldn’t see anything out of the ordinary)
– checked last modified times of most of wordpress directories via FTP
– checked users (only one, my admin)
– checked the database (phpmyadmin) for abnormal text in posts (eg: LIKE %<iframe%)
– removed ALL widgets

I have done all the above and the code is STILL appearing. It seems to have a Javascript include in my header file which I guess is what’s responsible for injecting hundreds of hyperlinks to the footer? I have a line of JS as follows

<link rel='shortlink' href='http://wp.me/pZpJA-82' />

I cannot see HOW or WHERE that is getting inserted. I have tried using ALL the available themes and it’s still appearing on each. The site in question is http://www.mattfacer.com

I’m tearing my hair out here!! Thanks for any advice.