The other day, I was stupid and didn't take precautions when launching some software; the result was what I believe to be a rootkit attack. It did several things to my system, most of which I was able to stop and clean up, but there is still a process that I cannot seem to stop, no matter how hard I've tried. I've gone through quite a few steps to resolve it, but everything I've thrown at it seems to fail at removing it. My guess is it's a variation of the SmartService rootkit, but I could be wrong. I'll give the details of what I know, and if someone could steer me in the right direction, that would be great.
I launched a setup file, which then slapped me with a bunch of random programs and loaded my desktop with 4 or 5 icons for installing games or whatnot. It also reset all my default applications to factory (i.e. Browser is now Edge instead of Firefox, etc.) and it disabled all my add-ons in Firefox. When I relaunched Firefox, there was a prompt at the bottom telling me something like "this plugin allows us to mine for bitcoin, would you like to keep it enabled?" so I said no. There was no trace of said plugin in my about:addons, so who knows what that was. It also put a bunch of random folders and programs around my system in various places that launched a process called "Hobnobbed". I cleaned all traces and instances of that. It has put 2 folders in my %user%\appdata\local folder that seem to be running a process called "Windows Process Manager (32 Bit)" that I cannot end in the process manager. I also cannot access or delete those folders. I get an access denied error that claims I need administrator rights (I am the admin; I even tried activating the administrator account on this computer and doing it from there, no luck).
It also made pretty much every anti-virus on the market an untrusted certificate. I discovered this when I tried to launch Malwarebytes, and it told me it stopped it for my safety. I tried reinstalling it, and same thing. I cleared the untrusted certificates, and it worked fine. I'm still having problems launching other anti-virus/malware setups or applications though. I even had to rename HijackThis to something else so I could run it.
I tried running RKill; it didn't find anything. I tried running Sophos virus removal, and it did pop that file in the local folder, but was unable to remove it. I tried all of the above in Safe Mode too, with the same results. The folders I cannot gain access to, I tried deleting with IObit Unlocker and LockHunter.
I also was able to browse the folder when I opened the location in VirusTotal scanner, but wasn't able to scan any of the files due to failed access.
If anyone has any clue what I should try next, or anything, I'm desperate here.
Thanks in advance.