Well, the possibilities I can think of, and possible countermeasures, are:
1) someone with Admin-class powers (you) installed the program, possibly without realizing it (like, if it were bundled inside of something else... classic Trojan Horse approach)
2) the system has an exploitable Windows/IE vulnerability that grants SYSTEM-level privilege even to a Guest user, and the exploit was used to deliver the unwanted installation. Is the system at Service Pack 2 level plus all 29 post-SP2 patches? Check with
Microsoft Baseline Security Analyzer 2.0. Enable Automagic Updates.
3) the system has an exploitable vulnerability in some other software or service, such as eMule, Microsoft Office, Acrobat Reader, or an IM program, that grants SYSTEM-level privilege to a Guest user, and the exploit was used to deliver the unwanted installation remotely. If you have Office2000, then in addition to MBSA 2.0, also use
MBSA 1.2.1 as well, and/or run the computer through
Office Update until it comes out clean.
4) the system was successfully attacked by a worm that your antivirus and firewall software don't recognize yet. If possible, figure out what the problem is with your router, put it back in place, and
lock it down.
5) the system's hidden Administrator account has a blank password and your system was 0wned by a no-brainer exploit of that weakness. Do this:
(a) Start > Run >
cmd to get a command box
(b)
net localgroup administrators to get a list of all the Admin-class accounts, hidden or otherwise
(c) for each Admin-class account, run the command
net user username strong-password-here to give them strong passwords to prevent this approach from succeeding.
Also, it's generally regarded as a good policy to not use the Guest account, lock it out and use Limited-class accounts.
Anyway, if it were me, that Windows installation would be burned to the ground and redone from scratch, I don't trust a potentially-compromised system any further than I have to.