Meh. I have my refund.
Ive run every scan known to man on my machine. No key logger. Never been phished, as the only place ive put my account information in was battle.net.
Nail in the coffin right here. Blizzard will flat out lie to their customers.
They have been compromised. Good luck with it, Ill spend my money elsewhere.
A virus/malware scan only really looks for known code. It is mostly reactive by design.
If I know of an exploit, and don't tell anyone, it is easy to sneak past any kind of scan. These types of vulnerabilities are known as "zero days". If that person writes the code from scratch is it highly unlikely that even the most sophisticated scan will detect anything.
You might not THINK you've downloaded anything, but the reality is if you have ever visited a website with an out of date version of Flash or Java it is possible that someone exploited a particular vulnerability at that time. Flash, Shockwave and older/out-of-date version of the Java JRE are particularly easy attack vectors for things like keyloggers and application specific malware.
Because things like Flash and Java already have access to the browser, it is most likely that your password was retrieved from logging into these forums, rather than logging into the game, although both are possible.
Most large scale Flash vulnerabilities are actually exploited through rich media banners. Foreign companies buy rich media on !@#$ sites for cheap and lace them with bad Flash code that infects your system. Since Flash has a different cache than your browser, clearing browser cache sessions doesn't always help.