Shrink-
It seems like you have some good advice here. Let me try to distill the best of it.
1) You could have a spy program that records your every keystroke. It could have gotten in through email or virus.
Solution: Run the lastest/best anti-virus and spy detection programs. If you are part of a network (but behind a firewall), you can open your machine for read-only sharing and have a non-infected PC scan your drive (in case virus has corrupted anti-virus software already on your computer).
2) Firewall should be set the most restrictive settings. Allowing you to surf out and get email from your ISP and instant message, but everything else should be off.
3) Contact your ISP about changing your IP address. If you have cable-modem or DSL, you may get the same ISP every day. Your ISP can reassign you, so the hacker would have to find you again (though your real IP address is contained in the headers of any emails you send, even using hotmail). This is stop-gap measure to give you some breathing room, but it won't help if you have infected computer giving you away.
4) Newbie666 is 100% right about have all different passwords, and complex ones, not dictionary words. A determined hacker can crack almost anything, but the more difficult/expensive you make the attack, the more you deter it.
5) There is an MS-DOS command:
netstat -an
It shows all your internet connections. Run it immediately after boot, before you run browser or surf. If you see any outside IP addresses, record them and the ports. I identified the presence of a virus on a friend's computer this way. All the IP addresses were in Russia. Some viruses supress this, but many don't bother.
6) Don't let anybody else touch your computer (not wife, girlfriend, neighbor, nephew, etc.) They will probably click on some site or email and infect your computer.
7) Stop visiting the porn sites. ;-)
