It looks like some sort of analytics code to me. It sends details on the URL requested, remote IP address, browser user-agent, etc to "http://mbrowserstats.com/statH/stat.php". I'm not familiar with that particular site, but it may be legit. Sometimes antivirus software reports these things incorrectly.
Based on a few searches, it seems a bit 50/50. It seems like it doesn't do huge harm, but may be distributed by hacking. A few sample pages I found about it:
- http://www.wjunction.com/16-webmaster-discussion/166680-site-hacked-here-code-pls-help.html
- http://ninjafirewall.com/malware/index.php?threat=2013-02-22.01
- http://onlinelinkscan.com/results/mbrowserstats-comstatestat-php/
- http://www.statscrop.com/www/mbrowserstats.com
Probably safest to remove it, and follow some of the suggestions on preventing reoccurrence.
