This sounds more like from address spoofing than an intrusion. It is comparatively easy to change the apparent from address while sending emails from some kind of spam server or botnet. As others have suggested, you can sometimes track this back to point of origin. In this case, it doesn't make a whole lot of difference what you do, all (s)he is doing is insert a character string into the from field in the email message - (s)he can still do this even if you delete your email address from your ISP or whoever hosts your email. What will happen is the emails will still be sent but anyone who responds will get a delivery failure.
But if, as you suggest, the spammer really does have access to your account, then the only thing you can do to stop it is have your address deleted and set up a new one. Changing the password can make it harder but if the spammer is determined enough (s)he will crack your new one sooner of later - after all, (s)he cracked two already!
When you say you use Outlook, is that the Outlook as part of Microsoft Office or Outlook.com (nee Hotmail). Webmail, like Outlook.com, Hotmail, Gmail, Yahoo, etc are somewhat easier to hack. If you are using the Office Outlook, is that off an Exchange Server or just as a client to a webmail or an ISP mail service? If it's to a webmail service, that's the same as Outlook.com. Otherwise, you should talk to your Exchange administrator or your ISP to discuss your options. Changing your email address will almost certainly be part of it.
The spammer is probably picking up your contacts from intercepted messages but if (s)he does have access to your address book, you should protect it with a password and consider encrypting it to prevent further access.