Ah, crap. TimThumb got hacked.

Sigh. I forgot to check one of my sites, and wouldn't you know it? It's the one that got hacked. I'm running a site that has TimThumb and it's been hacked. I'm obviously going to upgrade it and remove TimThumb, but what else should I look for? Should I completely export the database and start over, should I just load a fresh theme? Should I change all my system-wide passwords? Basically, how bad is that exploit and how far could it have spread?

Also, what happened to the WPMU Dev members-only discussion?

THanks!