Log into http://panel.dreamhost.com/
And change your password to the account they are using. Log in via shell and do: pkill -fu where user is your username. That will immediately kick them out of shell. kill -1 should do it, too.
Then, locate anything they changed. Use your snapshots to restore anything necessary. When you login via shell, cd into your snapshot directory: cd .snapshot
Directory names are self explanitory.
*Edit – let ask you this, where is did he “hack” your account? Via the dreamhost site? If that’s the case, change the password to that account: https://panel.dreamhost.com/id/
Unfortunately, I don’t know of a way to kick them out of that site. Maybe the password change will promot him to relogin, hopefully. /shrug
yerba# rm -rf /etc