If you have a lot of bloatware on your Windows installation courtesy of the computer manufacturer, do a clean reinstall of Windows. You can find the license key that your computer uses using a tool like ProduKey .
Once you have a clean Windows installation, create a local admin account and a local normal user account. Using the non-admin account for everything and only using the admin account to authorize software that needs admin privileges to run on the normal user account will protect the computer from 94% of critical Windows vulnerabilities. It does however not protect against crypto-miners like Coinhive in my experience. We'll counter that later on. One problem with this account setup is that Microsoft has started demanding admin accounts to run Windows Update and even to just get notified of new updates, so Windows Updates has to be run when logged into the admin account.
Tweak the privacy settings so that you're sharing the bare minimum of data with Microsoft while still keeping the OS functional. Install Windows Updates and when that is done, create a system restore point so that you can go back to this clean state if needed.