I've been hacked!

Someone figured out how to get in.  I think it's cause my password wasn't the best.  Hundreds of php files were sprinkled around the various places and suspicious code was inserted into existing php files.  So I reimaged the OS and reloaded my web server files from a backup before the breakin occurred.  They were having a ball sending out emails from my site.