Eugk,
As far as the actual lines of code that caused it, no I did not. But I disabled in dashboard editing of php scripts (and other hardening measures for wordpress) and I switched webhosting providers.
I was able to see in my logs over the next few days after switching providers that someone was hammering on the username that my ex-webhost had left on our wordpress for them to login and do maintenance. So I think that they must have had a weak password and that let someone malicious manipulate some of the PHP on my theme.
Its been resolved now with the new theme, so I'm just happy to be back to engineering microphones and not dealing with a malware plagued website anymore!