Did that user use IE or only Firefox?

Did that user download on installed any new software?

Chances are fairly low to get infected with Firefox by visiting websites, provided that all plugins (Java, Flash, Adobe Reader) are up to date.

Firefox stores the history in an SQLite database file places.sqlite in the Firefox Profile Folder.

• http://kb.mozillazine.org/Profile_folder_-_Firefox

• SQLite Manager: https://addons.mozilla.org/firefox/addon/sqlite-manager/

The user only uses Firefox. I have version 4.0.1 installed. This user does not like IE.

From Malwarebytes' log the virus was located here the first time here: c:\Users\<user id>b\AppData\Local\sll.exe (Trojan.FakeAlert). I am still not sure how the virus was able to install the first time around since I have this user locked down - not able to install without admin privileges.

The second time here: c:\Users\<user id>\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\IUFEUHVK\info[1].exe (Trojan.FakeAlertRP.Gen) . This did not get installed.

I try to keep everything current with the latest version.

I still want to review the history logs to record the sites visited. Then try each site one at a time to see if virus appears. I know this is a painful process, but how else do I determine where the virus came from? Back to my original question, how do I reveiw Firefox history log by using the admin account?

You will have to copy the file places.sqlite from that user account to a Firefox profile folder in your account then you can see the history in the Library.

The locations where you found that trojan are not locations used by Firefox.

The file \Local\sll.exe is most likely placed there by running an installer.

The file in "temporary internet files\Content.IE5\IUFEUHVK\i" in the IE cache is either from using IE or saved from using a MS plugin like WMP or Silverlight.