What happens with the stolen passwords depends on what the theif wants to do with them, if anything. :/ The other 'check' was probably testing your ports. Password stealers can be some type of keystroke capture program which sends it's data to a particular place (ftp/http location, email address, irc channel, whatever). Passwords can be located in a variety of different files (cookies, pwl files 'wallet' files, etc. They're supposed to be encrypted, but windows encryption is notoriously inept.

The fact that your machines share a router does not necessarily mean they're all corrupted, but they could be, especially if you share files or programs between them. All of them should be checked, and disinfected if necessary.

If by 'wipe out everything and start from scratch' you mean a low-level format of all drives and re-installation of everything from CD, you should be safe. Just be sure when you re-load you include an up-to-date antivirus program. :)