It took a while for Windows Defender to find it, but as it turns out it was an unlicensed version of Steins;Gate. It was labeled as a browser modifier that changed the respective browser's shortcuts into a .bat file. Luckily, because of how I start my browser (using Windows key + R) I avoided running said .bat files, consequently not allowing the programs to actually attack my computer. The process that did this was called environment.exe, which put itself into the shell:startup folder, and caused User Account Control to ask for various other games to install with administrative privileges. I, knowing something was wrong, said no to every one of them, and refused to grant admin privileges until I had fixed the problem. If there is a way to access a full report of all actions Windows Defender took, I will be happy to post a text version of said actions.
Edit: I found the logs and here's what showed up:
Code:
Log Name: Microsoft-Windows-Windows Defender/Operational
Source: Microsoft-Windows-Windows Defender
Date: 2/15/2017 6:45:49 PM
Event ID: 1116
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: Lenovo
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Prifou&threatid=224074&enterprise=0
Name: BrowserModifier:Win32/Prifou
ID: 224074
Severity: High
Category: Browser Modifier
Path: file:_C:\Users\*username*\AppData\Local\3ecdc4e62ebfb280\Kuhosod.dat
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
User: LENOVO\Ozzy
Process Name: C:\Users\*username*\AppData\Local\0869E9~1\ProductUpdt.exe
Signature Version: AV: 1.235.2880.0, AS: 1.235.2880.0, NIS: 116.72.0.0
Engine Version: AM: 1.1.13407.0, NIS: 2.1.12706.0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Windows Defender" Guid="{11CD958A-C507-4EF3-B3F2-5FD9DFBD2C78}" />
<EventID>1116</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2017-02-16T00:45:49.858488300Z" />
<EventRecordID>309</EventRecordID>
<Correlation />
<Execution ProcessID="2160" ThreadID="1416" />
<Channel>Microsoft-Windows-Windows Defender/Operational</Channel>
<Computer>Lenovo</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Product Name">%%827</Data>
<Data Name="Product Version">4.10.14393.0</Data>
<Data Name="Detection ID">{25FB5A1A-17E2-49B0-8B84-06B58DDDC36A}</Data>
<Data Name="Detection Time">2017-02-16T00:45:48.553Z</Data>
<Data Name="Unused">
</Data>
<Data Name="Unused2">
</Data>
<Data Name="Threat ID">224074</Data>
<Data Name="Threat Name">BrowserModifier:Win32/Prifou</Data>
<Data Name="Severity ID">4</Data>
<Data Name="Severity Name">High</Data>
<Data Name="Category ID">13</Data>
<Data Name="Category Name">Browser Modifier</Data>
<Data Name="FWLink">http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Prifou&threatid=224074&enterprise=0</Data>
<Data Name="Status Code">1</Data>
<Data Name="Status Description">
</Data>
<Data Name="State">1</Data>
<Data Name="Source ID">3</Data>
<Data Name="Source Name">%%818</Data>
<Data Name="Process Name">C:\Users\*username*\AppData\Local\0869E9~1\ProductUpdt.exe</Data>
<Data Name="Detection User">*user*</Data>
<Data Name="Unused3">
</Data>
<Data Name="Path">file:_C:\Users\*username*\AppData\Local\3ecdc4e62ebfb280\Kuhosod.dat</Data>
<Data Name="Origin ID">1</Data>
<Data Name="Origin Name">%%845</Data>
<Data Name="Execution ID">1</Data>
<Data Name="Execution Name">%%813</Data>
<Data Name="Type ID">0</Data>
<Data Name="Type Name">%%822</Data>
<Data Name="Pre Execution Status">0</Data>
<Data Name="Action ID">9</Data>
<Data Name="Action Name">%%887</Data>
<Data Name="Unused4">
</Data>
<Data Name="Error Code">0x00000000</Data>
<Data Name="Error Description">The operation completed successfully. </Data>
<Data Name="Unused5">
</Data>
<Data Name="Post Clean Status">0</Data>
<Data Name="Additional Actions ID">0</Data>
<Data Name="Additional Actions String">No additional actions required</Data>
<Data Name="Remediation User">
</Data>
<Data Name="Unused6">
</Data>
<Data Name="Signature Version">AV: 1.235.2880.0, AS: 1.235.2880.0, NIS: 116.72.0.0</Data>
<Data Name="Engine Version">AM: 1.1.13407.0, NIS: 2.1.12706.0</Data>
</EventData>
</Event>
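An added example, not part of the original post: a short Python parser for the "Event Xml" form of a Defender 1116 record like the one above, pulling out the fields that matter for triage. The function names and the trimmed sample event are constructed here for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample: a trimmed copy of the event posted above, with the
# *username* placeholder kept exactly as it was posted.
SAMPLE_EVENT = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID>1116</EventID>
<TimeCreated SystemTime="2017-02-16T00:45:49.858488300Z" /></System>
<EventData>
<Data Name="Threat Name">BrowserModifier:Win32/Prifou</Data>
<Data Name="Severity Name">High</Data>
<Data Name="Process Name">C:\Users\*username*\AppData\Local\0869E9~1\ProductUpdt.exe</Data>
<Data Name="Path">file:_C:\Users\*username*\AppData\Local\3ecdc4e62ebfb280\Kuhosod.dat</Data>
<Data Name="Action Name">%%887</Data>
<Data Name="Remediation User">
</Data>
</EventData></Event>"""

def parse_defender_event(xml_text):
    """Return (event_id, time, {Data Name: value}) for one Event element."""
    root = ET.fromstring(xml_text)
    event_id = int(root.findtext("e:System/e:EventID", namespaces=NS))
    time = root.find("e:System/e:TimeCreated", NS).get("SystemTime")
    fields = {d.get("Name"): (d.text or "").strip()   # empty fields hold only a newline
              for d in root.findall("e:EventData/e:Data", NS)}
    return event_id, time, fields

def triage(xml_text):
    """Summarise a detection and note what deserves a second look."""
    event_id, time, f = parse_defender_event(xml_text)
    # Path is logged as "<type>:_<location>", e.g. "file:_C:\...".
    kind, sep, location = f.get("Path", "").partition(":_")
    if not sep:
        kind, location = "", f.get("Path", "")
    notes = []
    if re.search(r"\\AppData\\(Local|Roaming)\\", f.get("Process Name", ""), re.I):
        notes.append("process runs from a user-writable AppData folder")
    # Placeholders such as %%887 are left unresolved in the XML form.
    unresolved = sorted(k for k, v in f.items() if re.fullmatch(r"%%\d+", v))
    if unresolved:
        notes.append("unresolved placeholders: " + ", ".join(unresolved))
    return {"event_id": event_id, "time": time, "threat": f.get("Threat Name"),
            "severity": f.get("Severity Name"), "resource_type": kind,
            "resource": location, "process": f.get("Process Name"),
            "unresolved": unresolved, "notes": notes}
```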