Not trying to cause panic or anything but if your credentials were stolen via malware planted on your system you might want to consider rebuilding your computer. The reason being malware such as that can only be planted via some kind of exploitation of a vulnerability or installed from an account that has Administrator access to the system. There is no way to know if the malware performs other functions such as stealing your online banking credentials as well. Or other malware could have been installed that does this. A keystroke logger on a system is a bad thing and we always require our users (I work in Information Security for a University) to rebuild their systems.

EDIT: Korrekted a spaling misteak