[CentOS] I've been hacked -- what should I do next?

Fri Dec 1 05:45:44 UTC 2006
Alfred von Campe <alfred at 110.net>

My home system has been hacked.  It's running CentOS 4.4, and I  
recently added an account to play around with Samba shares to back up  
PCs here at home.  I had set a weak password for that account and  
forgot to disable it after my testing.  I could hear the disk being  
accessed constantly, so I knew something was up.  I disabled the port  
forwarding to my CentOS box on my Linksys router (only ports 22 and  
80 were being forwarded).  After some poking around, I found the  
following files in the directory "/var/tmp/  /..   ":

-rw-rw-r--  1 backup backup   9468 Dec  1 00:20 azi2.seen
-rw-rw-r--  1 backup backup   9513 Dec  1 00:20 azi3.seen
-rw-rw-r--  1 backup backup   9513 Dec  1 00:20 azi4.seen
-rwxr-xr-x  1 backup backup 504464 Feb 10  2005 -bash
-rwx--x--x  1 backup backup  22936 Feb 10  2005 kswap.help
-rw-r--r--  1 backup backup   1085 Dec  1 00:00 kswap.levels
-rw-------  1 backup backup      5 Nov 29 17:28 kswap.pid
-rw-r--r--  1 backup backup   1480 Dec  1 00:00 kswap.session
-rw-r--r--  1 backup backup   4731 Dec 25  2005 kswap.set
-rw-r--r--  1 backup backup 165073 Dec  1 00:26 LinkEvents
-rw-r--r--  1 backup backup    258 Dec  1 00:00 mech2.users
-rw-r--r--  1 backup backup    258 Dec  1 00:00 mech3.users
-rw-r--r--  1 backup backup    258 Dec  1 00:00 mech4.users
-rw-r--r--  1 backup backup    258 Jun 28  1999 mech.users
-rwxr-xr-x  1 backup backup 174396 May 17  2004 pico

Anyone recognize this root kit (if that is what it is)?  I've  
disabled the backup account, and re-enabled port forwarding on my  
router (so I can access the system from home).  Other than deleting  
these files, is there anything else I should worry about?  I'd rather  
not re-install the OS...

Alfred