Yes i think they used this asp script i found too on the web.

on the script file permissions i saw that at the .asp extension there are POST, GET, HEAD and TRACE Permissions. Now , i am not a webmaster (he's sick at moment), do you think i can delete all except the POST and our regular asp script files should be still executable?

I'm gonna try this...