Last updated: April 3, 2026, 5:29 AM
Un-tit-led

STILL WRITING

The system hack that happened to me isn't isolated just to me. A friend's friend also got attacked in a similar way: All Social Media Accounts Hacked, Gmail & Microsoft. Here are things that helped.

  1. Optional but highly recommended: Find another system and change all your passwords for all accounts that have passwords stored in them, like Google and Mozilla and any others that you use. While there, also change the passwords for your social media accounts. Also add 2FA for all of them and remove all other previous devices. Then follow the rest on your current/compromised system:
  2. Remove all extensions from all your browsers right away as many actually steal passwords and logins.
  3. Ctrl+Shift+Del and delete all Cache and Cookies from all time from all browsers.
  4. Optional but highly recommended: Export all your passwords from all your profiles onto a new device that has not yet been compromised (this can also be an Android phone).
  5. Use an offline password manager to import all passwords into it and secure it with a brand new password that you have never used before. Write it down physically and store it somewhere safe in the house, because if you lose this, you lose all passwords. I used KeePassXC (Android) because it was open source. The last thing you want right now is to install anything that is not open source.
  6. KeePassXC will create a database file (a few KB) that now has all your passwords. Keep this file safe on another device as you will use it later.
  7. Delete all synced passwords from all your browsers now, including offline ones.
  8. Your current OS is compromised. Disable Internet physically. Remove the online account from your current OS, remove all passwords and PINs from it, and remove BitLocker if you have it. We need to be able to access this old system from the new one we are going to install.
  9. Move all your Documents, Pictures, Downloads, Videos & Music User Folders from your account into a new location so that once on your new OS you don't have issues with accessing them.
  10. Install a new OS alongside this old one (it can be the exact same OS that you're using right now). You don't have to remove anything from the old one yet.
  11. Once the new OS is installed (Windows 10 Pro preferably) and its Windows Defender is updated, do a full system scan with Windows Defender, MalwareBytes, KVRT & Hitman Pro to isolate which files on your system might have been the cause. KVRT & Hitman Pro are one-run only, but keep MalwareBytes installed for a few days as you will be handling your old system files.
  12. Upload the files that show up as issues to VirusTotal to confirm whether they are actually malicious or just false positives.
  13. Install the password manager that you used to store all your passwords earlier on your new system and import the password database file into it.
  14. Install your browsers and log in to them AND SPECIFICALLY DISABLE SAVING PASSWORDS IN THEM. You have your offline password manager for that.
  15. Now is the time to start changing passwords and adding 2FA and printing recovery codes for 2FA and also backup codes where you can't use 2FA for all your accounts.
  16. Prioritize your main accounts: your Google, Facebook, Instagram, Microsoft and all accounts that are used as a login into other accounts. Change passwords on all of them and create new long, complex passwords with your password manager.
  17. Once your main accounts are done, you can now breathe a little and start changing passwords for your less secure accounts every day, bit by bit.
  18. Your old Windows installation is only there for you to see what you had installed earlier on that system. Don't log in to that OS, just check its files from this system. And slowly start deleting the old system files.
  19. Note: Users//AppData is a hidden folder that might have installed files in it so keep it around for a bit unless you're sure you have uninstalled it.
  20. Check https://haveibeenpwned.com/ to see which services leaked your passwords and change those passwords with priority.
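To decide the order for steps 15 to 17, the exported password file from step 4 can be sorted into a rotation list. The script below is an added example, not part of the original post: it assumes a Chrome-style export header (name,url,username,password,note), the domain list for "main accounts" is an assumption based on step 16, and the sample data is constructed.

```python
import csv
import hashlib
import io
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in the Chrome-style export layout (not real credentials).
SAMPLE_EXPORT = """name,url,username,password,note
accounts.google.com,https://accounts.google.com/,me@example.com,Summer2019!,
facebook.com,https://www.facebook.com/login,me@example.com,Summer2019!,
forum.example.org,https://forum.example.org/,me,Summer2019!,
shop.example.net,https://shop.example.net/account,me@example.com,x9$Lq2-unique,
login.live.com,https://login.live.com/,me@example.com,Another-One-77,
"""

# Step 16's main accounts, matched on hostname suffix (assumed list, extend as needed).
PRIORITY_SUFFIXES = ("google.com", "facebook.com", "instagram.com",
                     "microsoft.com", "live.com")

def host_of(url):
    """Hostname of a saved login URL; falls back to the raw value if unparsable."""
    return (urlsplit(url).hostname or url).lower()

def is_priority(host):
    return any(host == s or host.endswith("." + s) for s in PRIORITY_SUFFIXES)

def rotation_plan(csv_text):
    """Return [(host, username, reason)]: main accounts first, then reused passwords."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    sites_by_fp = defaultdict(set)
    for row in rows:
        # Group by digest so the plaintext password is never stored in the plan.
        row["_fp"] = hashlib.sha256(row["password"].encode()).hexdigest()
        sites_by_fp[row["_fp"]].add(host_of(row["url"]))
    plan = []
    for row in rows:
        host, shared = host_of(row["url"]), len(sites_by_fp[row["_fp"]])
        main = is_priority(host)
        reason = "main account" if main else "secondary"
        if shared > 1:
            reason += f", password shared across {shared} sites"
        rank = 0 if main else (1 if shared > 1 else 2)
        plan.append((rank, host, row["username"], reason))
    plan.sort(key=lambda p: (p[0], p[1]))
    return [(host, user, reason) for _, host, user, reason in plan]

if __name__ == "__main__":
    for host, user, reason in rotation_plan(SAMPLE_EXPORT):
        print(f"{host:24} {user:18} {reason}")
```

The export is a plaintext file containing every password, so run this only on the clean device and delete the CSV once the entries are in the password manager database.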

Now, things to do to not let this happen: