If I were you, I'd change my pass like this:
1. Enter you old password normally (cause the hacker already knows it).
2. Type you new pass with the help of dummy characters
(Eg. If I wanted to make a pass named "sero", then I would first type "
s", then some gibberish like "hfjsifdddf
eohhnd", then select the text around the letter "
e" with a mouse (!) and delete it, then type something like "hfudsiprhjuhvjfohfjuse
rhok", select the text around with a mouse again and delete it... etc.)
3. The longer your new pass is, the better.
4. Get some decent anti-spyware stuff, update it, then switch off your Internet connection and do a full system scan. I recommend Spybot - easy to use and it's free.
EDIT: Almost forgot, after the scan, change the pass again just to be sure.
Good luck.