Hmm. I see a couple of problems here. The first of which is are you sure the messages were really sent from your email account or were they merely sent by someone else who spoofed your email account? I wouldn't be surprised if it was just spoofed and AOL was too incompetent to know the difference (basically anyone can spoof an account, without having to gain access to it. The mail doesn't come from your account in this case, but if they check the mail headers and IP addresses, they should catch this).
See, AOL seems incredibly incompetent in some areas.
However, supposing your account was broken into, AOL
should be able to check your account and see if the mails really were sent by you or sent by a spoofer (and if they really were sent by you, I don't mean you personally, but I mean your account). They should even be able to detect the exact IP addresses which logged in to your account, though this information may not help. I don't know if they are competent enough to do that though.
Then again, if you were broken into, there is a possibility of an AOL server breach rather than anything on your computer.
There is also a possibility that AOL does not encrypt their passwords, so your password went plaintext over the line, someone "sniffed" it, and then used it--nothing you could have done on your machine if this was so (I don't know as I never used AOL as an ISP), but if they aren't encrypting passwords that is horrible design.
So, as you can see, there are cases you have no control over there. BUT, to stay on the safe side, here are the things you can control.
1: Choose a good password-something with letters and numbers is generally preferred and nothing that is a word in any language. Mixing upper and lower case also is good. 8 characters or more is generally preferred.
2: Turn Javascript off (at least turn ActiveX off) before viewing your email. If your email interface requires Javascript and/or ActiveX to be on, you are kinda screwed here. They are probably the easiest means to distribute malware and, of course, once malware is on your machine, the author of the malware may monitor it or do whatever they want, really.
3: Don't access your email on an insecure machine or, if you do, as soon as you are back on your home machine, log in to your email account and immidiately change the password. Public computers are usually insecure machines. I admit it can easily slip the mind, though, so if you remember, you should probably change it then.
4: Don't tell anyone your password. This includes brothers, sisters, parents, friends, boyfriend/girlfriend, police, etc...
(hey, if police really needed to access your account, they could, and you could always use your right to remain silent.
Although they would get the information anyway from the ISP, in that case, but at least it would make them have one more hoop they had to go through)
5: Don't install warez.
Yes, people who break into other people's machines and/or steal their account information are usually scum. These are crackers, BTW. Hackers have a bad rap but hackers are not the problem. Crackers are the ones who break into other people's machines. The problem is that many crackers call themselves hackers, although it is the wrong term. To further this problem, most agencies, including technology agencies, simply call it "hacking".
What this really is is cracking into other's machines.
Hacking is a creative process. Cracking is a destructive process. Every single patch, fix, etc which you have ever used (yes, I mean the legit ones, but any unofficial ones would count too) is a hack. Yes, EVERY one. Most low-level fixing tools are hacks as well. YES, tools which help you fix problems with your computer so that it will actually WORK CORRECTLY again. Cracks aim to defeat functionality in software. Cracks aim to break things. Hacking = good. Cracking = mostly bad though there are some legit uses. Any cracking into other people's machines/account/etc IS bad. Any cracking in order to steal people's products (IE, make a trial version become full version) IS bad.
Did you know that people who work for antivirus companies are crackers? Yep! They crack the viruses/trojans to figure out how to fix them by removing the malicious functionality, if they can.
The more you know.
PS. Use any ISP other than AOL if you can
Careful though as there are "other" ISPs out there which really are AOL, just under different names, so do some research.
OMG....I was hacked...WARNING FOR OTHERS!!! 
and you don't have a clue who it is from or if you get an IM from someone and you don't know who it is don't click it, I don't want anyone else getting hacked by this stupid asshole, if you suspect you are being hacked check your sent folder and if you have the same problem call 1-800-307-7969 between 10 am-9 pm 7 days a week, also please spread the word. 
