Also consider disabling classic asp support on your IIS - judging from the files above the thing hacking you is using (or trying to use) some IIS vulnerability where ;txt is appended to 0.asp.
Composite C1 do not require asp support, only asp.net, so you can safely disable it.
This fact make this look more like a automated attack and not someone who figured out how to exploit Composite C1 and patching your server and tightening security is probably what will save you,
There are also uploaded php files, which support the "automated tool" theory. And also could point to FTP as the problem area - the attackers likely upload asp, php and other different server tech and then try to see what will actually run on your server.