The RKCL folder. WHere is it located? ProgramData as well?
Also, if you can export the registry keys that would be helpful as well.
The RKCL folder is indeed located in ProgramData as well.
And about how the infection spread, i was working on a project the other night and opened a few PDF's via chrome..that's most ceirtanly the way i got infected as i usually know how to avoid malicious sites / sofware.
I will export all the registry keys related to RKCL and tor as soon as i get home, i've also performed a FRST scan the other night if that helps in any way:
Edited by GangXtaZz, 25 May 2015 - 10:11 AM.