Quickly looking through the source code of your site doesn't look like anything was added. But like giz said, you could have malicious code on your server.
If your site was compromised prior to the patch, that doesn't mean the patch will fix whats could have been added. You may need someone to go through your server and check things out.
Ask your members what they are doing when they get the alert, what browsers they are using. Run your site through
http://sucuri.net/global, which says your sites good, but you never know. Code could be hidden in any of the .php or .js files
