My site: http://www.rondubinphotography.com has apparently been hacked. The code shows up under the footer and after searching every page within the site cannot find where the insertion is coming from.
I contacted you privately via the form on your site.
In the short term, one of the sure fire ways to track down altered files is to examine the server timestamps of the actual files. You can do this using an FTP client, for instance, and looking at the dates associated with the files. Those dates indicate the last time a file was ‘touched’. Unusual timestamps that dont jive with other similar files, or starkly more recent timestamps on files can be a very good indication that a file has been tampered with.
the obvious starting point would be your theme’s footer.php. Next take a look inside the function.php
My copy of thesis is at home though, and that theme is fairly complex, so without seeing the files…