Spammer/Hacker logged into my account and created a character to gold sell?

[Fulrem]

Not entirely true, rainbow tables have every possible compilation, even a very complex password that is not more then 10 characters can easily be hacked. ...<snip>

Almost true, they don't have every possible compilation but rather all the "common" passwords which a lot still seem pretty odd like "zaq1xsw2" (swipe up the keyboard in 2 lines . Its still not plausible without a copy of the salted hash + know salt, a single login attempt takes far too long on a live system. Time delay is one of the big things people like Bruce Schneier advocates when considering hash algorithm design. There is the chance of a fan site being hacked & same password being used (i.e. providing the salt+hash to run against rainbow tables), but in most incidents I've come across its malware on the system.

Like Noata mentioned, make sure your AV has heuristics/HIPS ability & that they're enabled. UAC turned on will help if you're computer account isn't local admin, though I find most people at home (guilty here myself) just do everything as local admin.