I had a note pad file with my wallet words on my pc, I think that is how they got it.
Very well imaginable :/
Such sensitive information should only be stored offline without the possibility to be accessed by stranger.
At least an encryption with a password which is long enough (stored offline) should be done before keeping sensitive data on your PC.
I haven’t claimed any forks but I have opened the wallet a few times to look at my coins.
It is unlikely that the RPC vulnerability led to your coins getting lost.
This would have required you to have:
1) Your wallet open
2) Your wallet NOT password protected (which it is according to your posts)
3) Visiting a malicious site which tries to exploit the vulnerability
.. at the SAME time. It is pretty 'safe' to assume that this was not the way your data got leaked.
Since the hack I have disconnected the hard drive.
Note that simply disconnecting the hard drive doesn't change anything.
If your system was/is infected, simply changing hard drives won't change much.
You need to make sure to completely fresh install a new OS. In most cases this is enough.
There are still some cases (e.g. root kits) where installing a new OS won't help, but those are rare.