We kept on searching around for a solution about this but we weren't able to find a response. All our theme demos that had timthumb were also hacked and after we cleaned the server we updated to the latest timthumb version but we haven't had issues with this script.
Right now all we can do is to ask for FTP access and wordpress backend login data from your site so we can take a closer look - send us the details by completing the contact form from here - http://themeforest.net/user/starshade
We can't promise this issue but we will give it a try. Also, since timthumb has caused lots of problems to us and our clients, we plan to get rid of it from all our themes that use it, this autumn. We will do so for Media Consult, Innova Construct, Aquitaine and Acapella and instead of timthumb, we will use the thumbnails resizing feature that comes with wordpress.