Oh man... c99.php is bad stuff. It's most likely the result of a remote file inclusion vulnerability.
The best ways to prevent RFI's are to secure weaknesses in the PHP interpreter:
- Turn off register_globals
- Turn off allow_url_fopen
Of course, this may break some of your production scripts!
Anyone who can plant c99.php on your server can delete all your data.
Run a full backup immediately, then delete c99.php and find out how it was planted on your server.
What script does that "images folder" belong to?