I am the IT admin for a law office. After I heard about the CryptoLocker virus on Security Now last week, I started looking at ways to protect my users from infection. I implemented group policy to prevent any executables from AppData, after which, one user reported she was getting an error when running internet shortcuts. Her default browser had been set to %LocalAppData%\Firefox\firefox.exe instead of the one in Program Files (x86). Is there any legit reason for it to be installed in the user profile, or is this something malicious? I am leaning toward wiping the machine anyway, as this user seems to get infected more than most.