Since they can't use a USB flash drive or a CD-ROM to bring in the virus, there are few possibilities left. Since the file is an executable and given the path above, I doubt it was downloaded via IE or firefox, unless the user intentionally meant to.
Another possible way to get infected is to open a viral email attachment (in outlook or any other email client or even a webmail). This is probably a more valid scenario.
By the way, I'm wondering why the automatic scanning feature of your anti virus did not catch it. If the feature was ON, the anti virus should have caught the virus the moment it's being created. I'd check to see if it's ON.