First line of defense is to, not only change your password, but to also change all "secret questions" and "answers." And the major email clients like Hotmail/MSN, Yahoo Mail, and probably GoogleMail as well, are now offering free services in which you can give them your cell phone number and they text you a secret code to allow you to get back into your email if the hacking locks you out.
Second, always "log out" of your email when you exit, rather than just hitting the exit X. Hitting the exit X doesn't end your email session, only logging out actually shuts it down. If you just press exit, that leaves it available to be hacked because technically, it's still open, even after you've gone.
Third, since most hacking is done through your address book, temporarily delete all contacts in your address book. Some sources advise leaving it this way for a week or more --- I think that's a matter of judgment. I deleted my address book several months ago after I was really badly hacked and oddly enough, have found that for the most part, I really can live without it. And the good news is that since I've deleted it, I haven't been hacked.
Sadly, getting a new account isn't really the answer, because the new account can just as easily get hacked some time in the future as well.
That last bit of information is the really bad news, and that is, many times your account is hacked by someone stealing your account information. And they use it from a totally separate location to send out the infected emails. So, since the problem isn't connected with your system, there is nothing you can do on your system to change it. And even changing your email wouldn't help because the hacker can still continue to send out infected emails from some other location, but using your old email information. The only way you might possibly be able to control it might be if there was some way to actually "cancel" or "delete" your email account. And even then, it may be possible for those phony emails to continue to go out.