Google likely tracks login data by using the MAC address of the network adapter on your computer. It is possible the person who hit you could have spoofed the MAC address of their network adapter to match yours, which would have made it look like to Google that your machine was logging in from a different place. They were also probably logging in through a VPN server to hide their location, so I wouldn't just presume they were actually in Arkansas.
In any event, however they did it, it has happened. Were I in your situation, I would presume they have EVERYTHING - bank accounts, credit cards, the works. You simply can't afford not to. Change ALL of your account passwords now, preferably from a different computer. Consider requesting account number changes from the various institutions due to identity theft. Also, speak to your financial institutions to determine if you can totally block wire transfers if you don't routinely do them. And, file a police report if you haven't done so yet.
You say you ran a malware scan - did this include a scan for rootkits as well? Some malware scanners like Malwarebytes don't do this by default and actually require you to specifically enable rootkit scans as this functionality significantly slows scans and increases system resource useage. Consider a full wipe and reinstall for the affected computer as a must.
Look at any web browser extensions you have installed and consider getting rid of them. There are lots of them that purport to be valid but are in fact unknown malware - who knows what data they are actually collecting? Also, do you save website passwords in your browsers? I don't.
If you have a wireless router, is the firmware updated? Is the router old? Are you running adequate wireless security? Even WPA2 is broken now, but it is better than nothing. Further, there are some major, dangerous exploits out there now being actively utilized that affect a lot of popular routers (Netgear is a big one) whose firmware can be infected remotely to install malware directly on the router itself. There was also a new proof of concept demonstrated recently that allowed javascript to totally bypass NAT and firewalls on all routers. That one is going to be nasty to fix if it pans out.
I don't allow ANYONE to even touch the machine I use to handle my finances. It isn't that I don't trust them, but I can't trust them. Anyone had access to yours in the past year? Even trustworthy people sometimes do stupid things accidentally, like unintentionally mis-typing a URL or accessing a phishing link without thinking. So, I can't trust them with that machine.
If you are not already doing it, utilize complex passwords for all your accounts. If you have difficulty with this, use the free version of LastPass. It will generate the passwords for you and give you a secure way to store them. The free version also provides a mobile app for your phone (something a lot of the other companies charge for).