If you have a different password on your email with 2 factor (that isn't left signed in) then this wouldn't be possible with all the malware in the world, because even in the event that your email is compromised in real time on your own machine via a RAT/RDP you'd be able to reset it with your one time codes or back up recovery method via your phone.
Because your machine was compromised badly I would not recommend to keep using it. Fix the problem:
- hirens boot cd
- virus/malware scan all disks
- move all valuable (and clean) data to external or different hard disk
- pictures, movies, music
- installers, configuration files, plug ins, extensions, etc
- Web bookmarks, documents, appdata
- if you haven't got your windows product key then get it using tools in hirens
- single pass wipe the disk using dban
- reinstall windows on fresh disk while disconnected from the Internet
- additional step. Slipstream latest windows updates and your installers into the windows install (unattended install)
- set up as much as you can after install while still disconnected from the Internet.
- install Microsoft Security essentials, MBAM free and spybot s&d
- disable unnecessary windows services especially ones that are common targets for malware. ie. Remote registry, netbios tcp/ip come to mind. Depends on what things you do with your machine. If you're a single user who doesn't network there are a lot of things you can disable to improve performance and tighten security holes. Check www.tweakhound.com
- if using Windows 10, disable all Microsoft snooping/tracking.
Now connect to the Internet, update your system and security software. Then deep scan your machine. Then make a backup of your system, ideally 2 copies, one on external disk and another across some dual layer dvds. Then you have two backups.
- in future only download trusted files, preferably open source and always verify file checksums
- run no script and better privacy in Firefox
- use different passwords for everything, 2 factor where possible and I recommend a password manager like keepass
I am no expert and that method is by no means perfect as I have typed it up quick on my phone. There are additional steps to be taken if you want to take opsec and netsec seriously and there will be some equally good or better alternatives to things I have suggested. Saying that following what I wrote is more than adequate for the every day gamer.
Dont trust that any anti virus or malware software has fixed the problem. It's like patching up a flat tyre - it will still work but never be as strong as it once was and is more likely to fail again. Same goes for your system. It was compromised badly so start from the beginning again.
Maybe we need a netsec thread.