Real answer? Shut your PC down, pull the hard drive, and use a dock to pull your personal data to another PC. Only files you are 100% certain are clean. No apps or scripts.
Then wipe the machine without using an internet connection. Change all your passwords and reconfigure your home network. Then reflect on what you did in regards to risky online behavior and be more proactive in protecting your privacy and data.
If real, how they did it is irrelevant if you don't have forensic know-how. You need to now be proactive in preventing any further interference. If they can create a file on your desktop, they have access to the system and what is on it.